ClawHub

Beijing

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Beijing travel and relocation guide with some advice that should be read cautiously, but it does not request system access, credentials, persistence, or hidden execution.

Install only if you want a broad Beijing guide. Treat its legal, VPN, and health content as practical orientation, not authoritative legal or medical advice; verify current rules, app availability, and medication suitability from official or professional sources before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger condition is extremely broad: 'User asks about Beijing for any purpose' can activate the skill on casual or tangential mentions rather than clear requests for Beijing guidance. Over-broad routing can cause irrelevant skill takeover, reducing user control and potentially surfacing policy-sensitive guidance in contexts where it was not requested.

Natural-Language Policy Violations

Medium
Confidence
77% confidence
Finding
The skill includes a blanket instruction to avoid criticizing the government/Party, which goes beyond neutral factual safety guidance and steers user expression without framing it as legal-risk information or preserving user choice. In a location-guidance skill, this can bias responses on politically sensitive topics and suppress legitimate user requests rather than answering them safely and transparently.

Missing User Warnings

Low
Confidence
95% confidence
Finding
The advice to 'give yourself 2-3 days for local bacteria' can be interpreted as normalizing avoidable foodborne exposure rather than encouraging safe eating practices. In a travel food guide, readers may follow this guidance and downplay hygiene or illness symptoms, increasing the risk of gastrointestinal illness or delayed care.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The section recommends specific over-the-counter medicines for diarrhea, stomach upset, dehydration, and suspected food poisoning without a clear warning to verify suitability, check contraindications, or seek professional care. In a travel guide context, users may rely on this advice for self-treatment and delay appropriate medical evaluation, especially if symptoms are severe or the medicines are unsuitable for them.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guide explicitly recommends specific VPN apps and instructs users to download them before arrival, but provides no warning that VPN use may be restricted, monitored, blocked, or subject to legal and policy risks depending on jurisdiction and provider status. In a travel/local-services skill, this can cause users to rely on potentially noncompliant or unsafe network access practices without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal