胡田 OPC导师 TRIZ强化

Security checks across malware telemetry and agentic risk

Overview

This is a TRIZ innovation-guidance skill with purpose-aligned web and patent-research workflows, though its routing prompts should be used carefully because some triggers are broad.

Install only if you are comfortable with the skill using web research for papers, patents, and market/technology scans. When using it, give explicit instructions before starting scans or entering related patent/IP skills, and avoid relying on bare-number replies unless you intend to follow a displayed recommendation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill allows a very low-specificity input (a single domain keyword) to launch an expansive proactive workflow involving multi-step scanning and likely tool use. This creates an overbroad invocation surface where ordinary conversational input can trigger unintended actions, increasing the chance of unnecessary browsing, search, or workflow escalation.

Vague Triggers

Medium
Confidence: 94%
Finding
Cross-skill activation is tied to generic natural-language replies such as asking for patent search or IP operations, which can easily overlap with normal user discussion. That ambiguity can cause unintended skill handoffs or tool invocation, especially in multi-turn conversations where the user is discussing options rather than explicitly requesting execution.

Vague Triggers

Medium
Confidence: 96%
Finding
Using bare numeric replies as navigation triggers is ambiguous because numbers commonly appear in normal conversation, list references, or example content. In practice this can misroute the user into another skill or action path without clear consent, making prompt-routing behavior fragile and exploitable by conversational overlap.

VirusTotal

65/65 vendors flagged this skill as clean.
