ClawHub
Back to skill

Security audit

INTJ效率增效

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese INTJ productivity-coaching skill with broad routing language, but no hidden data access, persistence, or unsafe actions.

Install this only if you want Chinese-language INTJ-style productivity coaching. It may frame generic planning, learning, or efficiency requests through personality-based templates, so users who prefer neutral advice or another language may want a narrower skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description includes very broad activation criteria such as idea structuring, task breakdown, learning plans, process building, overthinking, and efficiency optimization, which can match many ordinary conversations. Overbroad triggering can cause the skill to activate unexpectedly and steer responses using rigid personality framing the user did not request, creating misclassification and unsafe guidance risk in sensitive contexts.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The automatic trigger logic for 'personality correction' is ambiguous and activates on subjective patterns like indecision, overthinking, or information redundancy without clear boundaries or consent. This can cause the system to pathologize normal user behavior, apply manipulative nudges, or override user intent in situations where a neutral response would be safer.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The skill content is entirely in Chinese and does not provide language fallback or user-choice guidance, which can lead to misunderstanding, incorrect execution, or silent failure for users operating in other languages. In a general-purpose assistant context, forced locale behavior reduces usability and may distort meaning when the skill is auto-invoked unexpectedly.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description uses very broad activation phrasing such as leveraging strategic thinking and correcting execution weaknesses without clear, narrow trigger conditions. In an agent skill system, ambiguous activation language can cause the skill to be invoked in many loosely related contexts, leading to unintended behavior, prompt collisions, or personality-driven guidance being applied where it is not appropriate.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal