ClawHub

Complaint Handler

Security checks across malware telemetry and agentic risk

Overview

This appears to be a complaint-handling guidance skill with language and routing limitations, but no evidence of hidden access, credential use, persistence, or destructive behavior.

Reasonable to install for Chinese-language complaint support, but review the trigger phrases and escalation rules before relying on it. Use human review for refunds, legal threats, media complaints, regulator references, or any high-stakes customer cases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very broad phrases such as 'complaint', 'poor quality', and 'this is unacceptable', which can match ordinary conversation outside the intended after-sales workflow. This can cause unintended invocation of the skill, leading the agent to enter a constrained complaint-handling mode and potentially produce inappropriate business actions or disclosures in unrelated contexts.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The response templates and examples are written as mandatory Chinese responses without any user-language negotiation. In multilingual environments, this can cause the agent to respond in the wrong language, degrading clarity during complaints and increasing the risk of customer harm, failed de-escalation, or misunderstandings about returns, refunds, or escalation steps.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The guide hard-codes Pass 1 L3 escalation triggers as Chinese-only keywords, even though the skill metadata shows mixed Chinese and English usage. In a complaint-handling skill, this can cause serious under-detection of escalation threats from non-Chinese users, leading the agent to miss legal/media/regulator threats and fail to escalate appropriately.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal