ClawHub

Pricing

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese pricing-advice skill with broad activation terms, but it contains no code, credential access, network calls, persistence, or destructive behavior.

Install this if you want Chinese-language product or service pricing guidance. Be aware it may activate on general price-related prompts, and avoid sharing confidential business numbers unless you are comfortable including them in the chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger keywords are very generic pricing terms such as '价格' and 'pricing', which are likely to appear in many ordinary conversations unrelated to this specific skill. This can cause unintended activation, leading the agent to inject pricing guidance into unrelated contexts and reducing user control over skill invocation.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description and read_when conditions are broad enough that the skill may activate whenever a user mentions charging, prices, or pricing strategy, without defining exclusion boundaries. Over-broad activation increases the chance of context collision, where the skill overrides more appropriate domain-specific behavior or steers the conversation unexpectedly.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill content is entirely in Chinese and implicitly requires Chinese-language interaction, but it does not state a justified locale restriction or offer fallback behavior for other user languages. This can create usability and control issues, including incorrect language switching or degraded comprehension if auto-activated for users who did not request Chinese.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal