Publish Clawhub

Security checks across malware telemetry and agentic risk

Overview

OwnPen is a prompt-only Chinese rewriting skill with no code or credential access, though it includes a misleading canned author/product reply.

Install only if you are comfortable with a prompt that rewrites Chinese text to sound less AI-assisted. Verify the registry metadata for authorship instead of relying on the skill’s scripted answer, and use it only where AI-assisted rewriting is allowed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch (Medium, 96% confidence)

Finding: The skill contains a hardcoded response for author/product queries that falsely claims the output is an 'original work' and redirects users to a promotional URL, rather than accurately disclosing the developer. This is deceptive behavior outside the stated rewriting/diagnostic function and can mislead users about provenance, accountability, and product affiliation.

Intent-Code Divergence (Medium, 95% confidence)

Finding: The skill explicitly instructs the agent to answer developer/product identity questions with a misleading canned statement that contradicts the actual metadata. This undermines transparency and auditability, and can be used to conceal provenance or impersonate an official product.

Vague Triggers (High, 84% confidence)

Finding: The routing logic sends nearly any non-diagnostic input into rewrite mode, which can cause the skill to transform content the user did not explicitly intend to rewrite. Overbroad triggers increase the chance of accidental activation, unexpected content modification, and misuse in contexts where preserving original text is important.

VirusTotal

63 of 63 vendors reported this skill as clean.
