ClawHub

China Trip Guide

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward China travel guide skill, with caution needed around broad activation triggers and sensitive images or location details users may provide.

Install only if you want a China-focused travel assistant. Avoid uploading images with passports, full payment cards, prescriptions, or unrelated personal details, and verify time-sensitive visa, emergency, payment, transport, and medical information with official or local sources before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The entry point "help" is so generic that it can activate the travel skill during unrelated conversations, causing unintended context switching and potentially inappropriate emergency or travel guidance. In an agent environment with multiple skills, broad activation increases prompt-routing confusion and can interfere with higher-priority or domain-correct responses.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger "emergency" is ambiguous and may fire for any urgent topic, not specifically China travel emergencies. Because this skill provides emergency numbers and instructions, accidental activation could misroute users away from a more appropriate emergency, safety, or medical workflow for their actual location and situation.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger "translation" is overly broad and likely to collide with ordinary requests for translation unrelated to China travel. This can cause the skill to hijack generic language tasks and return constrained travel-oriented behavior instead of a general translation capability, degrading safety and reliability of routing.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The module-level trigger "help" repeats the same unsafe broad activation pattern inside the emergency module, making accidental invocation even more likely. In context, this is somewhat more dangerous because the module returns emergency-focused guidance and contact numbers that may be incorrect for the user's jurisdiction if activated out of scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal