ClawHub

High-EQ Communication (高情商沟通)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a persuasion and communication coaching skill, but it needs review because it can surface influence tactics too broadly and without clear ethical guardrails.

Install only if you intentionally want negotiation, sales, or communication coaching. Configure the agent to ask before using persuasion tactics, avoid fabricated urgency or scarcity, and keep outputs transparent, non-deceptive, and respectful of the other party's ability to make an informed choice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The metadata description embeds broad trigger phrases such as 'communication,' 'sales scripts,' 'persuasion,' and 'conflict resolution' without clear scoping, which can cause the skill to activate on ordinary, high-volume user requests unrelated to this specific toolkit. Because the skill is designed around persuasion and influence frameworks, unintended invocation increases the chance that users are steered into manipulative or mismatched guidance when they did not explicitly request it.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The multilingual trigger section includes many vague, common terms across several languages, including generic words for communication, sales, persuasion, and negotiation. This broadens attack surface and routing ambiguity across languages, making accidental activation more likely and especially problematic here because the skill packages influence, urgency, loss aversion, and strategic persuasion techniques that could be inappropriately surfaced in benign conversations.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
This section explicitly operationalizes influence and cognitive-bias tactics such as anchoring, scarcity, bandwagon effects, and loss aversion as communication methods, without any built-in requirement for transparency, consent, or a user-selected ethical mode. In a skill marketed for persuasion and sales scripts, that creates a real risk of facilitating manipulative social-engineering behavior against customers or other targets.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal