Agent 防假完成工具 (Agent Anti-Fake-Completion Tool)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but its instructions broadly push agents to keep using tools, expand the task scope, and avoid asking the user, across many task types and without clear limits.

Install only if you intentionally want an aggressive reliability and verification style. Use it in environments where the agent still must respect user scope, ask before risky shell commands or network calls, avoid sensitive data unless explicitly approved, and stop when safety, legal, financial, medical, credential, or destructive-operation boundaries are involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The manual trigger phrases are generic, everyday Chinese requests such as asking to check for omissions or verify results. Because these phrases are likely to appear in normal user interactions, the skill can activate unintentionally and alter agent behavior in contexts where the user did not explicitly consent to this coercive workflow. In this skill, unintended activation is more concerning because activation introduces aggressive pressure-escalation instructions and broad behavioral overrides across all task types.

Natural-Language Policy Violations

Severity: Medium
Confidence: 84%
Finding
The README is entirely Chinese and presents the skill as applicable to all task types without offering any language negotiation or fallback behavior. This can cause misinterpretation, hidden behavioral changes, or unusable outputs for users operating in other languages, reducing transparency and making it harder for users to understand that coercive or high-pressure behavior has been enabled. The risk is increased somewhat by the skill's broad scope and its instruction-heavy nature, which can silently shape agent conduct across many contexts.

Vague Triggers

Severity: High
Confidence: 92%
Finding
The skill declares itself applicable to essentially all task types and to any situation where an agent may be stuck, which makes it eligible to steer behavior far beyond a narrow, intended domain. That broad scope is paired with coercive instructions such as 'exhaust everything,' 'ask later,' and proactive expansion of task scope, increasing the chance that the agent overrides normal safety, data-minimization, or user-intent boundaries in unrelated workflows.

VirusTotal

64/64 vendors flagged this skill as clean.