ClawHub

Hutian Opc Culture Dd

Security checks across malware telemetry and agentic risk

Overview

This is a static due-diligence guidance skill whose sensitive data requests fit its business-review purpose, but users should handle confidential records and investment conclusions carefully.

Install only if you are authorized to review the target company. Avoid pasting unnecessary personal or confidential records into an agent, redact sensitive identifiers where possible, store materials securely, and treat generated ratings or investment recommendations as draft decision-support for legal, financial, and business professionals to validate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly directs collection of sensitive business data and potentially personal data through screenshots, interviews, financial records, contracts, and bank-flow cross-checking, but provides no privacy notice, data-minimization guidance, access controls, or retention/handling requirements. In a due-diligence context, this increases the chance that an agent or user will over-collect confidential information or process it without proper authorization, creating privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill provides a rigid due-diligence reporting template and scoring framework intended to support investment, M&A, and incubation decisions, yet it does not clearly warn that outputs are advisory only and must be validated by qualified humans before use. This is dangerous because users may over-rely on generated scores, risk ratings, and investment recommendations as decision-ready analysis despite possible data gaps, model error, or incomplete verification.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal