ClawHub

Cognitive Bias Adivsor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed decision-support skill with broad trigger words, but it contains no executable code, hidden data access, network behavior, or destructive actions.

Install this if you want an interactive Chinese decision-analysis helper, but expect it may activate on common decision or recovery words. Use explicit prompts when possible, and treat its output as thinking support rather than professional financial, medical, legal, or life advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

High
Confidence
95% confidence
Finding
The documented trigger phrases are very broad, including common words such as '决定', '选择', '帮我决策', and even recovery phrases like '继续' and '重来'. In a skill system that auto-activates on keyword matching, this can cause frequent unintended invocation, context hijacking, or interference with unrelated conversations, which is a genuine security and safety concern even if the content is non-malicious.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The README states the skill can be installed and then triggered '在任意对话中触发,无需额外配置', implying global activation without clear boundaries. While this is partly documentation language, it reinforces an always-on matching model that increases accidental activation risk and makes the broad trigger design more dangerous in practice.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are extremely broad and include common everyday terms like “决定/选择/帮我判断/继续/重来”, which can cause the skill to activate during unrelated conversations. This creates unintended interception of user intent and can derail normal assistant behavior, especially because the skill says to activate 'immediately' on match and also treats generic recovery phrases as activation signals.

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger phrase "决定" is extremely generic and commonly appears in ordinary conversation, so it can cause the skill to activate when the user did not intend to invoke it. In a decision-support skill that steers conversation flow, this creates prompt-collision risk, accidental context capture, and unexpected mode switching, especially in multi-skill environments.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The resume command "继续" is highly ambiguous because users frequently say it in normal chat without intending to resume a stored workflow. If the skill treats it as a privileged stateful command, it may unexpectedly restore prior session state, leak workflow continuity, or interrupt unrelated conversation.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The reset command "重来" is a broad conversational phrase that can be used casually, making accidental destructive state reset plausible. In a skill that stores answered questions and progress, unintended resets can erase user progress, create confusion, and be abused to disrupt the interaction flow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal