ClawHub

Hutian Opc Ma Execution

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only M&A execution skill with expected legal and due-diligence templates, but users should handle the sensitive documents it names through proper legal and privacy controls.

Install only if you need Chinese-language M&A execution templates and are prepared to apply your own legal, privacy, and information-security controls. Before using real deal data, require NDAs, use a secure data room or encrypted transfer, redact unnecessary personal and banking details, restrict access to need-to-know parties, define retention/deletion rules, and involve qualified legal, tax, and financial advisors.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This checklist systematically requests highly sensitive corporate, financial, legal, employee, and personal data, including ID documents, bank account details, payroll records, litigation files, and core personnel information, but provides no guidance on minimization, lawful basis, redaction, access control, retention, or secure transmission. In an M&A due diligence context, this omission materially increases the risk of over-collection, privacy violations, confidentiality breaches, and unauthorized disclosure of trade secrets and personal information.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The checklist explicitly requires transfer of highly sensitive operational and financial materials such as bank U-shields, account records, seals, and financial books, but it does not instruct users to protect credentials, limit disclosure, mask unnecessary data, or use controlled handover procedures. In an M&A closing context, omission of these safeguards can lead to credential misuse, unauthorized account access, fraud, or overexposure of confidential corporate data during transfer.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document calls for delivery of employee rosters, social security records, labor contracts, and resumes, which contain personal information and potentially sensitive personal information, yet provides no notice about legal basis, minimization, redaction, confidentiality, or post-transfer retention limits. In a real transaction workflow, this can cause privacy law violations and unnecessary exposure of employee data to parties who may not need full underlying records.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The shareholder meeting notice and proxy template explicitly requests sensitive personal data such as身份证号、身份证复印件、股东账户卡、联系方式 and allows transmission by 传真/邮件, but does not include any privacy notice, minimization guidance, retention limits, or secure transmission requirements. In an M&A execution skill, these templates are likely to be used operationally, so omission of handling safeguards can lead to unnecessary collection, insecure sharing, and leakage of regulated personal information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal