Hekouwang Yandu Deck Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a coherent deck-building and Cloudflare publishing workflow, but it can automatically install global tooling and has broad activation wording that could start a powerful publishing flow unintentionally.

Review this before installing if you do not specifically manage the Hekouwang YanDu DECK site. Use `--build-only` unless you intend to publish, confirm the Cloudflare account/project before deployment, and do not let the script auto-install Wrangler globally unless you accept npm global package installation on that machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return None
    print("\n📥 未检测到 Wrangler,自动安装:npm i -g wrangler …")
    try:
        subprocess.run(["npm", "i", "-g", "wrangler"], check=True)
    except subprocess.CalledProcessError:
        print("⚠️  Wrangler 安装失败,请手动 `npm i -g wrangler`。")
        return None
Confidence
82% confidence
Finding
subprocess.run(["npm", "i", "-g", "wrangler"], check=True)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad functional terms such as '演示版', '翻页演示', and 'keynote 网页', which are likely to appear in ordinary user requests unrelated to this specific skill. That can cause the skill to activate unintentionally, giving its instructions and publishing workflow undue influence over unrelated tasks, especially because this skill can modify site content and deploy to Cloudflare Pages.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad, natural-language terms such as '演示版', 'keynote 网页', and '沉浸式阅读', which could match ordinary content-creation requests unrelated to this specific publishing pipeline. Because the skill also includes file modification and deployment behavior, overbroad activation raises the risk of the agent entering a powerful workflow unexpectedly and making project changes or preparing deployment artifacts without the user intending to use this skill.

VirusTotal

VirusTotal findings are pending for this skill version.
