ClawHub
Back to skill

Security audit

面经-商业分析面试通关

Security checks across malware telemetry and agentic risk

Overview

This appears to be a career interview-prep skill with broad example prompts but no evidence of hidden access, persistence, or harmful behavior.

Safe to install for interview-preparation use. Prefer invoking it explicitly by name if your host supports manual skill selection, and avoid sharing sensitive employer-confidential details unless needed for the coaching task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The Chinese trigger examples are broad natural-language requests such as asking for interview preparation or project-storytelling help, without any clear namespace, prefix, or invocation boundary. In hosts that auto-route on semantic similarity, these phrases could activate the skill unintentionally during ordinary conversation, causing prompt hijacking of user intent, unexpected tool selection, or disclosure of skill content when the user did not explicitly choose this skill.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The English examples use generic help-style prompts like 'Help me prepare...' and 'How do I use STAR method...' that are common user utterances across many assistants and domains. If the platform matches skills by similarity or trigger text, these phrases increase the chance of accidental activation, leading to incorrect routing and making it easier for this skill to intercept unrelated requests about interviews, negotiation, or project explanations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.