Hutian Opc Investor Dd

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a due-diligence reference package, but one reference file contains an embedded tool-call style instruction to write files, which is not part of the stated due-diligence purpose.

Install only if you are comfortable treating the reference files as untrusted text and your agent will not execute embedded tool-call blocks from retrieved markdown. The publisher should remove the write_file-style block from references/投资协议要点库.md before this is considered clean.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: High
Confidence: 99%

Finding
This reference file is supposed to be passive due-diligence content, but it embeds an explicit tool-call style instruction to create files via write_file. That creates an instruction-in-data vulnerability: if an agent ingests the markdown and treats it as executable guidance, it could modify the local workspace without an explicit user request.

Description-Behavior Mismatch

Severity: High
Confidence: 98%

Finding
The document masquerades as a knowledge-base reference but contains actionable content that can cause side effects, namely writing new reference files. This is dangerous because it blurs the boundary between informational content and agent instructions, enabling prompt injection through a seemingly benign markdown file.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding
The markdown instructs use of write_file to create new files without any explicit user-facing confirmation or safety boundary around local modifications. Even if intended as workflow scaffolding, this can still cause unauthorized file changes when consumed by an agent that follows inline instructions from context.

VirusTotal

64/64 vendors flagged this skill as clean.
