Hu Tian OPC Mentor Quantum Battery (English Edition)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent quantum-battery research and due-diligence knowledge skill, with a disclosed but caution-worthy ability to refresh its own local reference files.

Install only if you are comfortable with a research skill that may update its own local knowledge-base markdown files. Keep the reference directory under version control, review any generated diffs before relying on investment or technical conclusions, and require sources for any latest-research claims.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill is presented as a due-diligence knowledge and assessment framework, but its harness authorizes rewriting and regenerating local reference files. That creates an integrity and scope-expansion risk: a read-oriented analysis skill can unexpectedly modify repository contents, alter evidence used in future assessments, or overwrite curated materials without explicit user consent. In this context, the mismatch between stated purpose and write-capable self-healing makes the behavior more dangerous, not less, because users would reasonably expect passive analysis rather than content mutation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The documented harness requires filesystem write access to update or regenerate reference materials even though the skill's stated function is assessment and knowledge retrieval. Unnecessary write capability violates least privilege and increases the blast radius of prompt abuse, misconfiguration, or accidental execution by allowing modification of local files that may be trusted as source material. The due-diligence context makes this especially risky because repository integrity is part of the trust model for analysis outputs.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The self-heal rule to 'search latest materials' implies external research/network behavior not clearly declared in the manifest's purpose or capabilities. Hidden or ambiguous outbound retrieval can introduce unvetted data into the knowledge base, create reproducibility issues, and expand the skill's effective permissions beyond what users expect from a local due-diligence framework. In a technical assessment skill, silently mixing local curated sources with external search results can corrupt provenance and trust.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill permits writing and regenerating knowledge-base files without a clear user-facing warning that repository contents may be modified. This creates a consent and transparency failure: users invoking an analysis skill may unintentionally trigger persistent changes, potentially overwriting documents, altering future outputs, or contaminating version-controlled content. The skill context increases danger because the modified files are the very references later used for diligence and investment analysis.

VirusTotal

65/65 vendors flagged this skill as clean.