头脑风暴 (Brainstorming)

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese brainstorming helper with broad activation wording but no system access, code execution, persistence, or data-transfer behavior.

Install this if you want a Chinese-language structured brainstorming workflow. Consider narrowing when your agent should invoke it so it does not take over specialized tasks, and avoid sharing secrets or confidential business details unless you are comfortable discussing them in the conversation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill description is extremely broad ('适用于任何需要思考的场景', '任何领域都能用'), which can cause the agent to activate for a very wide range of ordinary requests. Over-broad routing increases the chance of misclassification, unexpected interception of user tasks, and unintended precedence over more specialized or safer skills.

Vague Triggers

Medium
Confidence: 91%
Finding
The usage scope includes a catch-all condition ('任何需要"想清楚再动手"的事') without meaningful limits. This makes the skill eligible for many ambiguous prompts, which can degrade agent safety and predictability by pulling conversations into this workflow when a different skill or direct response would be more appropriate.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The skill content is written entirely in Chinese and does not offer language choice or justify a locale restriction. In multi-language environments this can force an unexpected language shift, confuse users, and create reliability and consent issues if the skill activates for users who did not request Chinese output.

VirusTotal

66/66 vendors flagged this skill as clean.