ClawHub

汽车营销活动助手

Security checks across malware telemetry and agentic risk

Overview

This is a coherent automotive marketing template assistant; it does not collect data itself, but users should add privacy safeguards when using its lead-form recommendations.

Before installing, understand that this skill is designed to help create automotive marketing campaigns and lead forms. If you use it to build forms that collect names, phone numbers, vehicle interests, or store preferences, add a clear privacy notice and contact-consent language, collect only necessary fields, restrict access to exported data, and set retention/deletion rules. Review Eqxiu platform terms and any CRM/API integration before sending customer data through it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document explicitly recommends collecting personal lead data such as names, phone numbers, and intended vehicle models, but provides no guidance on consent, privacy notice, retention, or lawful processing. In a marketing skill for auto dealers and OEMs, this omission is operationally significant because users are being directed to gather directly identifiable customer data for commercial follow-up.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The note that form templates should support collecting phone numbers as 'necessary information' normalizes sensitive lead capture without any balancing requirement for disclosure or consent. Because the skill is specifically designed for marketing funnels and customer acquisition, the context increases the likelihood of broad data collection and follow-on outreach without adequate transparency.

VirusTotal

48/48 vendors flagged this skill as clean.

View on VirusTotal