self-correction

Security checks across malware telemetry and agentic risk

Overview

This is a conversational self-correction skill with overbroad Chinese trigger phrases, but no evidence of hidden access, data theft, persistence, or destructive behavior.

Install only if you want a Chinese-language correction workflow and can tolerate occasional false triggers when using phrases like '还有', '但是', '等等', or broad negations. Treat the included packaging scripts as manual developer utilities and only run them on directories you intend to package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence: 95%
Finding:
The trigger list includes very broad conversational phrases such as '等等', '等一下', and '停', which are common in ordinary dialogue and not specific to correction intent. This can cause the skill to activate unexpectedly, overriding the normal conversational path and making agent behavior easier to manipulate or derail.

Vague Triggers

High
Confidence: 96%
Finding:
Phrases like '不是这样', '不是这个', and especially '我说的是...' are highly ambiguous and appear frequently in benign conversation. Without boundary conditions, the skill may hijack normal user turns and reinterpret intent incorrectly, creating prompt-routing instability and opportunities for adversarial steering.

Vague Triggers

Critical
Confidence: 98%
Finding:
The '修正补充类' triggers include extremely common discourse markers like '还有' and '但是', which occur in routine follow-up requests. Because these tokens are so frequent, the skill can be triggered by ordinary conversation at scale, causing persistent misrouting, context resets, and a broad attack surface for prompt-level manipulation.

Vague Triggers

Critical
Confidence: 99%
Finding:
A trigger rule based on single negation-word patterns like '不'+verb or '没'+verb is dangerously overbroad. Negation is ubiquitous in normal language, so this design can cause near-arbitrary activation, making the skill easy to invoke unintentionally or deliberately to disrupt intended agent control flow.

VirusTotal

67/67 vendors flagged this skill as clean.
