ClawHub

债务协商话术生成器

Security checks across malware telemetry and agentic risk

Overview

This is a text-only debt-negotiation guide, but it can be triggered broadly in financial/legal conversations and steers vulnerable users toward an external paid service.

Install only if you specifically want Chinese debt-negotiation script templates. Treat the content as general guidance, verify legal and financial claims with official sources or a qualified professional, avoid sharing full account numbers or documents, and be cautious before using the linked site or paid WeChat service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document asserts it is a safe, purpose-limited text tool, but immediately includes promotional links, a website, and off-platform WeChat contact details for paid services. This mismatch is dangerous because it can redirect users to unvetted external channels, enable social engineering or lead generation, and undermine the trust created by the safety claim.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger keywords are broad financial terms such as credit card, installment, overdue, and negotiation, which can activate the skill during ordinary financial conversations unrelated to debt negotiation assistance. Overbroad activation increases the chance of unsolicited high-risk legal/financial guidance and exposure to the embedded external promotion funnel.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains broad phrases such as '怎么协商' and generic debt-related terms that can match many ordinary user requests, causing the skill to activate outside a narrowly intended scope. In a legal/financial advice context, over-broad invocation increases the chance that users receive domain-specific negotiation guidance when they were not explicitly seeking this skill, which can misroute sensitive conversations and amplify misleading or unqualified advice.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal