ClawHub
Back to skill

Security audit

中文防AI味写作助手

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese writing-style helper with no executable code or hidden data access, though its trigger phrases are broad enough that users should enable it only when they want that style applied.

Install this if you specifically want Chinese text rewritten in a more colloquial, less AI-like voice. Be aware that broad triggers may apply this style to general Chinese writing requests, so review outputs for tone, accuracy, and appropriateness in formal or multilingual contexts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger conditions are broad and generic, covering common requests like writing, rewriting, and quality review. This can cause the skill to activate in contexts where the user did not ask for Chinese humanization, potentially overriding user intent, style, or task constraints and creating prompt-routing confusion.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The metadata hard-codes the skill to zh-CN and positions it as a Chinese-localized writing assistant without any indication of user consent or fallback behavior. If auto-selected, it may force Chinese-language or Chinese-style transformations on content that the user expected to remain in another language or neutral register, leading to unintended output changes and degraded reliability.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very generic phrases such as '改写', '润色', and '内容创作' that are common in ordinary user requests. This can cause the skill to activate unintentionally in unrelated contexts, increasing the chance of prompt interception or inappropriate rewriting of content the user did not intend to route through this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.