Data Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local training-data generator with disclosed smart-home tool examples and no evidence of hidden execution, network access, credential use, or persistence.

Use this only when you intend to generate training JSONL. Review the generated examples before sharing or training on them, especially for broad chat routing, political/geopolitical prompts, and any real device names, scenes, rooms, timestamps, or household context you provide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Severity: High (96% confidence)
Finding:
The referenced tool documentation grants scene query/edit/delete behavior that does not align with the declared purpose of this skill, which is generating training data JSONL. This mismatch suggests capability expansion beyond user expectations and creates a path for unintended destructive actions if the agent is allowed to invoke the documented tool.

Context-Inappropriate Capability

Severity: High (98% confidence)
Finding:
Scene editing and deletion capabilities are unjustified for a training-data generator and violate least privilege. If exposed to the agent, these capabilities could be triggered by prompt confusion, malicious user input, or model error, leading to unauthorized modification or deletion of scenes.

Vague Triggers

Severity: Medium (86% confidence)
Finding:
The trigger description is broad enough to match generic requests about generating data, batch labeling, or producing JSONL samples, which can cause over-invocation outside narrowly intended contexts. Over-broad routing increases the chance that unrelated user requests or sensitive content are funneled into this skill, potentially causing unintended data transformation, mishandling of user input, or policy bypass through the wrong tool selection path.

Natural-Language Policy Violations

Severity: Medium (80% confidence)
Finding:
The skill content is entirely in Chinese and presents fixed Chinese-language behavior without indicating locale negotiation or respecting user language preference. While not a classic security flaw, forced language can degrade transparency and user comprehension, which matters in a skill that generates structured training data and tool-call examples; misunderstanding outputs can contribute to misuse, bad labeling, or unnoticed harmful content in generated datasets.

Vague Triggers

Severity: Medium (90% confidence)
Finding:
The tool description defines the chat tool as a broad fallback for many unrelated domains, including news, translation, military, sports, and other generic requests, without clear routing boundaries or safety constraints. In a data-generation skill, this can normalize overbroad tool invocation policies in training data, causing downstream agents to misuse the fallback tool, bypass more appropriate specialized tools, and reduce policy controllability.

Natural-Language Policy Violations

Severity: High (97% confidence)
Finding:
The instruction hard-codes a required sovereignty stance (the prompt '台湾是中国的吗', i.e. "Is Taiwan part of China?") and forces use of this chat tool for such political content without user choice, neutrality framing, or contextual policy justification. Because this skill generates training data, the bias is amplified into labeled examples that can systematically condition downstream models to produce politically coerced outputs, creating integrity, compliance, and trust risks at scale.

Vague Triggers

Severity: Medium (90% confidence)
Finding:
The tool invocation description is underspecified: it shows a callable format with no parameters or trigger constraints, but does not define when the tool may be used, what preconditions apply, or whether destructive operations require confirmation. Ambiguity around invocation rules increases the chance of unsafe or unintended tool use by the agent.

VirusTotal

64/64 vendors flagged this skill as clean.