ClawHub

China Visa Helper

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only China visa guidance skill with no code execution or privileged access, though users should avoid oversharing and verify visa rules with official sources.

Use this as a planning assistant only. Share only coarse details needed for advice, such as passport country, trip purpose, approximate stay length, and city or country of application; avoid passport numbers, full addresses, document images, or financial records unless you have a separate trusted reason. Confirm current visa categories, fees, transit eligibility, appointment rules, and processing times with the relevant Chinese embassy, consulate, or CVASC before booking travel or submitting an application.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The closing invitation, such as asking users to 'Ask me anything, anytime,' is overly broad for a visa-focused skill and could cause the agent to engage on unrelated topics outside its intended scope. That increases the chance of accidental invocation, policy bypass through scope creep, or users disclosing unnecessary sensitive information to a skill that should stay narrowly focused on visa assistance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill proactively requests nationality, travel purpose, stay length, visa history, and current location, which together constitute sensitive personal and travel data, but it provides no privacy notice, minimization guidance, or retention limitations. In a conversational agent context, this can lead users to overshare identifiable information without understanding how it will be used, stored, or protected.

VirusTotal

48/48 vendors flagged this skill as clean.

View on VirusTotal