ClawHub

Tech Solution Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a document-generation helper for technical solution writeups, with no evidence of code execution, credential access, persistence, or data exfiltration.

Install this if you want help drafting technical solution documents. Treat generated architecture and risk sections as drafts, especially for regulated or security-sensitive systems, and provide complete requirements to reduce misleading output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation examples use very generic trigger phrases such as asking to generate a technical solution for broad system types, without defining boundaries on what inputs are acceptable or what the skill should refuse. In an agent environment, broad triggers can cause accidental over-invocation, prompt collisions with unrelated user requests, or generation of authoritative-looking architecture/output from incomplete or sensitive inputs, increasing the chance of unsafe or misleading automation.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The skill content is effectively Chinese-only, with no language negotiation or documented locale restriction. This can lead to user misunderstanding of generated designs, requirements, risks, and remediation steps, which is especially problematic for technical planning documents where ambiguity may propagate into implementation or security decisions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal