ClawHub

Lanxin Link Card

Security checks across malware telemetry and agentic risk

Overview

This skill only formats Lanxin link-card JSON, but it is always-on with very broad triggers and tells the agent not to refuse or explain, so it needs review before use.

Install only if you intentionally want the agent to emit raw Lanxin link-card JSON. Prefer narrowing triggers to explicit phrases such as “发送蓝信链接卡片”, removing always-on activation, and allowing the agent to ask clarifying questions or warn about unsafe links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger list contains broad natural-language phrases such as '链接' and '蓝信' that can appear in ordinary conversation, causing the skill to activate when the user did not actually intend to send a link card. In an agent environment, unintended invocation can suppress safer general handling and force structured output, increasing the chance of misfires, confusing actions, or abuse through prompt steering.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
81% confidence
Finding
Using '蓝信' alone as a trigger is overly broad because many benign requests mentioning the platform could activate the skill unexpectedly. This can cause accidental emission of link-card JSON in unrelated contexts, creating workflow confusion and making the agent easier to steer into unintended structured outputs.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
94% confidence
Finding
Using '链接' ('link') as a standalone trigger is highly generic and likely to match a large number of ordinary requests. Because the skill then mandates direct JSON-only output, accidental activation can override normal assistance behavior and produce malformed or context-inappropriate actions, which is riskier than a typical narrow command skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal