ClawHub

java-standards-alibaba

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Java coding-standards skill whose main caveat is broad automatic application to Java tasks.

Install this if you want Alibaba Java Development Guidelines applied by default to Java-related coding and review tasks. Be aware it may conflict with another project or company style guide, so disable or override it when those conventions are not desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill declares automatic activation for essentially any Java coding task, including broad prompts like writing, modifying, optimizing, or reviewing code. This creates an overreach risk where the skill may inject prescriptive behavior into many unrelated requests, reducing user control and potentially causing unwanted instruction interference across normal Java workflows.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The skill declares activation for essentially any Java code generation, modification, or review task, making it highly invasive in normal workflows. Overly broad trigger scope can cause unintended takeover of unrelated tasks, reduce user control, and amplify any bad guidance embedded in the skill across a wide set of requests.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill text mandates Chinese-language guidance and strict compliance without checking user language preference. This can degrade usability, create misunderstanding in security- or code-critical contexts, and override user expectations in a way that is inappropriate for a generally applicable coding skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal