ancient-man

Security checks across malware telemetry and agentic risk

Overview

This skill is essentially what it advertises itself to be: a Chinese response-compression tool. The scan raises some clarity and privacy caveats but finds no evidence of hidden, destructive, or data-stealing behavior.

Install only if you want Chinese compressed responses. Do not use ultra/classical modes for high-stakes or step-by-step safety work, and avoid running document/index integrations on secrets unless you are comfortable with originals and mapping logs being kept in local result objects or indexes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence (severity: Medium, confidence: 93%)

Finding:
The module-level docstring claims the compressor preserves technical accuracy, but the implementation performs highly lossy substitutions, including deleting function words and collapsing different technical concepts into the same single-character output. In an agent skill context, this can cause materially incorrect technical guidance or distorted operational instructions while presenting the output as trustworthy.

Intent-Code Divergence (severity: Medium, confidence: 94%)

Finding:
The method docstring repeats the claim that compression maintains technical accuracy, yet the method replaces many distinct words with identical short forms and strips connective particles broadly. That mismatch can mislead downstream users or systems into treating compressed output as semantically faithful when it may omit conditions, causality, or distinctions important for safe technical execution.

Vague Triggers (severity: Medium, confidence: 89%)

Finding:
The skill auto-triggers on broad phrases like '简洁点' or '少用点token', which can activate compression without clear user consent. In safety-sensitive or technical contexts, unexpected compression can omit nuance, warnings, caveats, or procedural detail, increasing the chance of user error or unsafe action. The skill partially mitigates this with an '自动清晰模式' for dangerous cases, but trigger ambiguity still makes accidental activation plausible.

Missing User Warnings (severity: Medium, confidence: 95%)

Finding:
The parser stores full uncompressed document contents in an `original_text` field even though the feature is presented as compression. In a retrieval/indexing pipeline, this can silently retain sensitive source material in memory, logs, serialized indexes, or downstream stores, undermining privacy expectations and increasing data exposure if the index or nodes are later leaked.

Vague Triggers (severity: Medium, confidence: 86%)

Finding:
The trigger terms for classical mode are broad and overlap with ordinary user language such as requests for elegance or refinement. This can cause non-consensual mode switching, leading the assistant to adopt compressed or archaic phrasing when the user did not intend it, which is especially risky for safety-critical, medical, legal, or operational instructions where clarity matters.

Natural-Language Policy Violations (severity: Medium, confidence: 78%)

Finding:
The skill is framed as a default Chinese-response mode without clear user consent or language negotiation. In multilingual or mixed-language contexts, this can override user expectations and reduce comprehension; in security-sensitive workflows, forcing compressed Chinese output may hide important nuance, warnings, or procedural detail from users who need another language or fuller explanations.

Natural-Language Policy Violations (severity: Medium, confidence: 91%)

Finding:
The file explicitly defines and advertises a mode that converts output into Chinese or classical Chinese without any visible user opt-in or locale check. In an agent skill, forced language/style transformation can degrade user comprehension, obscure safety-critical guidance, and cause the agent to disregard user preferences or system expectations. This is a genuine policy and usability security concern even though it involves no traditional code execution.

VirusTotal

65/65 vendors flagged this skill as clean.
