Research Project Results Compilation (科研课题成果汇编)

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only research-compilation skill whose web research and Word-output workflow are disclosed and aligned with its stated purpose.

Install this if you want a structured assistant for compiling research project outputs. Confirm the proposed framework before allowing the longer workflow to continue, review any web-sourced citations or statistics, and avoid providing confidential research materials unless you are comfortable with the document-generation tools involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium, 87% confidence

Finding:
The trigger phrases are broad enough to match ordinary requests about summarizing or organizing research materials, which can cause the skill to activate outside its intended scope. In this skill, over-triggering is more concerning because it initiates a multi-phase workflow that includes web research and eventual document generation, potentially steering user interactions unexpectedly and causing inappropriate tool use or content handling.

Natural-Language Policy Violations

Medium, 78% confidence

Finding:
The skill hard-codes a Chinese-language output and stylistic policy without checking user preference or task context. While not directly a security exploit, fixed-language behavior can mishandle user intent, reduce transparency, and increase the chance of incorrect or nonconsensual outputs, especially when combined with autonomous research and document-generation steps.

VirusTotal

65/65 vendors flagged this skill as clean.
