ClawHub

Tender Bidding Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed tender-document assistant that handles sensitive procurement material for its stated purpose and shows no hidden data theft, persistence, or destructive behavior.

Use this only for procurement work your organization permits an AI assistant to process. Redact real prices, client names, identity numbers, phone numbers, technical secrets, and authorization details; limit file access to project-scoped documents; and have qualified procurement or legal staff verify generated documents, regulatory claims, and bid strategy before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- Does NOT provide strategies to evade AI-based collusion detection (machine code/IP/MAC address manipulation).
- Does NOT generate technical proposals with substantially similar content to other bidders.

**Allowed Tools:** `Bash, Read, Write, Glob, WebSearch, WebFetch` — used to analyze bid documents, generate templates, search regulatory updates, and fetch reference materials. All generated content is for reference only — final bid documents must be reviewed by qualified professionals.

**Legal Basis:** China's Bidding Law (招标投标法), Government Procurement Law (政府采购法) with 2026 amendments, NDRC AI Implementation Guidelines (发改法规〔2026〕195号). AI is an assistive tool only; it does not replace the independent judgment and legal responsibility of bidders, bid-evaluation experts, or procuring entities.
Confidence
86% confidence
Finding
Tools:*

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal