
Security audit

Creative Workshop

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent creative and startup-planning assistant, with privacy and overreliance cautions but no evidence of deception, exfiltration, or destructive behavior.

Install only if you are comfortable using it for startup and IP planning conversations. Avoid sharing trade secrets, unpublished invention details, source code, credentials, or personal data until the publisher clarifies whether patent-search tools or logs receive that content. Treat financial and IP outputs as planning guidance, not professional legal, patent, or investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Description-Behavior Mismatch

Medium
Confidence: 84%

Finding: The skill states that AI will automatically perform patent novelty searches and similarity analysis across named external databases, which expands the agent from advisory content generation into implied autonomous external-action behavior. If the runtime actually has tool or network access, this can cause unreviewed data transmission, inaccurate claims about completed diligence, and user overreliance on results presented as if they were verified searches.

Vague Triggers

Medium
Confidence: 88%

Finding: The implicit triggers are broad enough to match ordinary entrepreneurial or product-discussion prompts, which can cause unintended activation of this skill. In agent-routing systems, overbroad activation increases the chance of prompt hijacking of the conversation flow, bypassing user intent, or causing the skill to answer outside its intended scope.

Vague Triggers

Medium
Confidence: 91%

Finding: Several explicit trigger phrases, such as requests about market analysis, business models, or “创业咨询”, are common across many benign conversations and could activate the skill too aggressively. In a multi-skill environment, this can lead to unauthorized context capture, incorrect routing, and responses that override more appropriate domain-specific behaviors.

Missing User Warnings

Medium
Confidence: 96%

Finding: The document defines an IP guidance function that classifies protection strategies and generates application material checklists, but in the scoped feature section it does not require a user-facing disclaimer that the output is not legal advice. Because users may rely on this guidance for patent, trademark, or copyright decisions, omission of a prominent warning increases the risk of harmful overreliance and compliance issues.

Vague Triggers

Medium
Confidence: 87%

Finding: The trigger phrase “创新方案” is broad enough to overlap with ordinary ideation or proposal discussions, which can cause unintended skill invocation. In this workflow, accidental activation may route user content into structured analysis and logging paths the user did not explicitly request, increasing privacy and control risks.

Vague Triggers

Medium
Confidence: 88%

Finding: The trigger “查新” is short and ambiguous, so normal discussion about novelty checks could unintentionally activate the patent-search skill. Because this skill processes technical features and may query sensitive innovation details, accidental calls can expose proprietary information or create unnecessary data processing.

Vague Triggers

Medium
Confidence: 84%

Finding: The phrase “IP保护” covers a wide range of general legal or strategy discussions and does not clearly signal a concrete tool invocation. In a system that automatically loads skills, this can cause overcollection of business or invention details and trigger action-oriented IP workflows without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence: 85%

Finding: The trigger “商业模式” is broad and likely to appear in normal conversation, making unintended activation of the business analysis suite plausible. Given that the suite can analyze markets, revenue models, and competitors, accidental invocation may process sensitive commercial planning data outside user expectations.

Missing User Warnings

Medium
Confidence: 95%

Finding: The log schema explicitly records session IDs, project IDs, input parameters, and human interaction content, but the document provides no notice, consent mechanism, retention limit, or privacy controls. This creates a meaningful privacy and compliance risk because sensitive invention, business, and user interaction data may be stored without transparency or minimization.

Missing User Warnings

Medium
Confidence: 94%

Finding: The workflow explicitly logs an "input_summary" derived from user creative descriptions, but the document provides no data minimization rules, retention limits, redaction requirements, or user notice/consent controls. Because this skill handles potentially sensitive business ideas, invention details, and commercial strategy, even summaries can leak confidential or personal information through logs.

Ssd 3

Medium
Confidence: 96%

Finding: The logging schema stores user-provided interaction content in plain language and shows no minimization, masking, or field-level protection. In this skill context, users may provide confidential invention details, business plans, and IP strategy information, so plaintext retention materially increases breach impact and insider misuse risk.

VirusTotal

58/58 vendors flagged this skill as clean.
