日更100条方法论

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed short-video marketing coach, but it defaults to saving identifiable business plans and includes high-risk persuasion, scraping, and publishing workflows without enough user controls.

Install only if you are comfortable with a Chinese-language marketing skill that may steer conversations toward aggressive controversy-based content. Do not provide confidential company, employee, customer, or product information unless you are prepared for it to be saved and reused. Before using any scraping, messaging, or publishing workflow, confirm authorization, platform rules, exact recipients/destinations, and final content preview.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (15)

Vague Triggers

Severity: Medium, confidence 94%
Finding:
The trigger list includes broad, natural-language phrases such as '帮我做方案', '帮我起号', and '帮我写口播' that can plausibly appear in ordinary conversation outside the intended security boundary. This raises the risk of unintended skill activation, causing the agent to apply the skill in contexts the user did not explicitly mean to invoke, which is especially concerning because the skill steers toward aggressive content-production and controversy-oriented strategies.

Vague Triggers

Severity: Medium, confidence 88%
Finding:
The trigger list includes very generic phrases such as '帮我做方案', '帮我起号', and '数据复盘', which can easily appear in unrelated conversations and cause unintended skill activation. In a content-generation skill, broad activation increases the chance of the model switching into this persona unexpectedly and applying its data collection and persistence behaviors without clear user intent.

Vague Triggers

Severity: Medium, confidence 92%
Finding:
The skill auto-activates its configuration workflow on broad requests like '帮我做方案/帮我起号/帮我写口播', which are common requests in many benign contexts. Because activation immediately leads to guided collection of business and personal profile details, ambiguous triggering can unintentionally funnel users into disclosure and downstream storage flows.

Missing User Warnings

Severity: Medium, confidence 96%
Finding:
The skill says collected configuration will be saved to 'references/用户方案_{姓名}.md' for automatic reuse, but it does not provide clear notice, consent, retention limits, or a way to decline persistence. This is dangerous because users may disclose names, personality traits, business details, and operational information without realizing those details will be stored and reused later.

Vague Triggers

Severity: Medium, confidence 90%
Finding:
The trigger list includes broad phrases such as '帮我做方案', '帮我起号', and '帮我写口播' that resemble ordinary user requests rather than narrowly scoped invocation terms. This raises the chance of unintended skill activation during unrelated conversations, which can cause the assistant to load this skill unexpectedly and steer outputs toward the skill author's methodology without clear user intent.

Vague Triggers

Severity: Medium, confidence 93%
Finding:
The skill defines broad activation conditions such as when the user says '介绍一下你自己' or '你能做什么', which are common conversational phrases and can unintentionally trigger this skill outside the user's actual intent. In an agent environment, this can cause incorrect routing, unexpected persona injection, and unsolicited persuasive guidance, especially because the script immediately pivots into collecting user context and steering behavior.

Natural-Language Policy Violations

Severity: Medium, confidence 84%
Finding:
The script explicitly requires Chinese output in the activation flow without checking the user's preferred language or stating a strict locale limitation. This can mis-handle user requests, reduce transparency, and increase the chance of misunderstanding in multi-language environments, particularly when the agent is expected to adapt safely to user context.

Vague Triggers

Severity: Medium, confidence 87%
Finding:
The file frames itself as a broad end-to-end linkage map for turning scripts into videos, scraping competitor data, and distributing content, which can cause the parent skill to activate or escalate into additional tools on loosely specified user requests. In this context, overbroad activation is risky because the linked tools include scraping and outbound distribution capabilities, increasing the chance of unnecessary data collection or external actions without clear user intent.

Missing User Warnings

Severity: Medium, confidence 95%
Finding:
The markdown explicitly recommends scraping competitor account data and transcribing third-party content, but provides no warning about consent, platform terms, rate limits, personal data handling, or downstream reuse restrictions. That omission is dangerous because this skill is built for scaled content operations, so users may automate collection and reuse of third-party data in ways that violate platform policy, privacy expectations, or legal obligations.

Missing User Warnings

Severity: Medium, confidence 93%
Finding:
The cross-platform distribution section describes browser-controlled sending and publishing to external channels without any warning, recipient verification, approval step, or disclosure that content may leave the current environment. This is dangerous because accidental or implicit invocation could send drafts, sensitive business content, or spam-like bulk messages to employees, groups, or public platforms, causing data leakage and reputational harm.

Missing User Warnings

Severity: Medium, confidence 92%
Finding:
This section explicitly recommends deflecting complaints by framing them as '水军', shifting blame for quality issues, and using personas to neutralize criticism. That is manipulative reputation-management guidance that can be used to suppress legitimate complaints and mislead audiences, increasing legal, consumer-protection, and trust risks.

Missing User Warnings

Severity: Medium, confidence 94%
Finding:
The controversy playbook encourages repeated public escalation, refusing to back down, and manufacturing social proof by packaging criticism as '群众的声音'. In a content-growth skill, this materially increases the chance of harassment campaigns, defamatory amplification, and platform-policy violations because it operationalizes outrage as a traffic tactic without meaningful safeguards.

Ssd 3

Severity: Medium, confidence 97%
Finding:
This workflow persistently stores user-provided profile data in a per-user file and automatically reloads it in future interactions. In context, the stored data can include identifiable information and sensitive business strategy details, creating privacy leakage, unintended cross-session reuse, and potential unauthorized access risks if references are exposed or shared across users.

Ssd 3

Severity: Medium, confidence 83%
Finding:
The default flow encourages users to supply additional company scale, product details, existing materials, employee information, and case specifics to improve the generated plan. While operationally useful, this increases the volume of potentially sensitive business and personal data collected, and when paired with the skill's persistence behavior, materially raises confidentiality and privacy risk.

Ssd 3

Severity: Medium, confidence 95%
Finding:
The skill mandates saving generated plans to a file named with the user's name, directly tying identity to stored content artifacts. This is risky because the artifact may contain business plans, personality labels, or strategic material, and naming by real identity makes correlation, discovery, and accidental disclosure easier.

VirusTotal

65/65 vendors flagged this skill as clean.
