ClawHub

huawei-cloud-ascend-profiler-db-explorer

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for profiler database analysis, but its broad activation language and SQL execution path create a meaningful risk of unintended database access.

Review the skill before installing, especially the trigger section and any Unicode control characters in the source. Use it only if you are comfortable with a skill that can guide or run SQL against profiler databases, and require explicit confirmation before any query is executed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes generic terms such as 'sql', 'table', and 'schema', which can cause the skill to activate in unrelated contexts. Because the skill is designed to generate and execute database queries, overbroad activation increases the chance of unintended tool use, unnecessary exposure of database contents, or the model being steered into a sensitive data-access workflow without sufficient user intent validation.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The instruction that this skill must be the 'first and only trigger' for a broad class of profiling DB questions creates ambiguous and overly aggressive routing behavior. In practice, such exclusivity can suppress safer or more appropriate skills, reduce contextual validation, and funnel diverse requests into a SQL-capable path that may access data or execute queries prematurely.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal