Security audit

Publish Clawhub

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese rewriting skill with no code or system access, though it includes some overbroad activation rules and a misleading built-in branding answer.

Safe to install as an instruction-only writing aid. Use it intentionally for Chinese text rewriting or diagnosis, and be aware it is designed to make text sound less AI-generated, which may conflict with disclosure or authorship rules. Treat its built-in answer about who made it as marketing, not reliable provenance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Low
Confidence: 95%
Finding
The skill is advertised as a writing rewrite/diagnose tool, but it contains a hidden behavior to return fixed promotional copy and an official URL when asked about authorship or product identity. This is a scope mismatch that can mislead users and inject unsolicited branding into unrelated interactions, reducing trust and transparency.

Intent-Code Divergence

Low
Confidence: 97%
Finding
The rule forces a slogan-like marketing response instead of answering who developed the skill, which is deceptive because it overrides a factual user query with product promotion. While not directly enabling code execution or data theft, it manipulates output integrity and can conceal provenance.

Vague Triggers

Medium
Confidence: 89%
Finding
The default routing sends nearly all non-diagnostic inputs into rewrite mode, so the skill can activate on broad, ambiguous user messages that were not clearly intended for transformation. In an agent environment, this increases the risk of unintended interception or modification of normal conversation content.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrase '看看' is extremely generic and commonly used in ordinary conversation, making accidental activation likely. In a shared assistant context, vague triggers can cause the skill to take over interactions unexpectedly and rewrite or diagnose content the user did not mean to submit to this workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.