ClawHub

prodecoder

Security checks across malware telemetry and agentic risk

Overview

This skill is a content-analysis helper, but it explicitly teaches moderation or traffic-limit evasion and can generate reusable imitation prompts.

Install only if you intend to use it for compliant content review or defensive analysis. Do not use its bypass or imitation guidance to evade platform rules, and provide only public, intended URLs for analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill explicitly states it will call a browser-capable agent to fetch user-supplied URLs, but it does not warn users that external network access will occur or describe any restrictions on what URLs may be fetched. This can create SSRF-like or privacy risks if internal, sensitive, or tracking URLs are submitted and the fetch behavior is not constrained.

Ssd 2

Medium
Confidence
95% confidence
Finding
The skill advertises analysis of homophones and variant characters specifically for bypassing platform moderation or traffic-limiting controls. That moves beyond neutral analysis into facilitating evasion of safety and policy enforcement, which can enable prohibited, deceptive, or abusive content distribution.

Ssd 4

Medium
Confidence
94% confidence
Finding
The combination of '网安级审计' of evasion tactics and providing directly usable imitation prompts materially increases the likelihood that users will replicate or scale evasive content strategies. In this context, the skill is not just descriptive; it operationalizes policy evasion into reusable outputs, making harmful misuse easier.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal