ClawHub

小说创作助手

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese novel-writing assistant; its main caveat is that it expects outputs and interaction records to be saved as Feishu documents.

Install this if you want a structured Chinese-language novel-writing workflow. Before using the Feishu document flow, confirm which workspace will receive the documents, who can access them, and whether unpublished or personal story material should stay in chat instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger list is very broad and includes generic writing-related phrases, which can cause the skill to activate for ordinary requests that do not clearly indicate consent to use this specialized workflow. In a system that auto-triggers tools or downstream actions, overbroad matching can route users into persistent document creation or data collection unexpectedly.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill states that documents are automatically generated in Feishu and elsewhere says interaction records are preserved, but it provides no user-facing notice, consent flow, retention statement, or scope limitation. This creates a privacy and data-governance risk because user prompts, drafts, character ideas, and potentially sensitive personal content may be stored or shared without informed consent.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The workflow says it will automatically proceed to the next step while all outputs are presented as Feishu documents, but it does not warn users that continued interaction may create or persist additional documents over time. Automatic progression increases the chance of silent accumulation of user content, drafts, and revisions in external storage without clear awareness or control.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal