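Maintenance Skill for a technical repository on robot World Models and Action Models (WAM); supports collecting, analyzing, classifying, and generating richly illustrated AWAR repository documentation; includes introductory explainers, in-depth technical analysis, and quick-start guides; use when the user needs to build a technical repository for the robotics AI field or research frontier work such as VLA/RT-2/Dreamer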

Security checks across malware telemetry and agentic risk

Overview

This is a robotics documentation and research helper with no executable payload or hidden privileged behavior found.

Reasonable to install as a documentation helper. Before running any generated quick-start commands, review third-party repositories, package installs, checkpoint downloads, and any real-robot demo steps; also tell the agent your preferred output language if you do not want Chinese documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description says it should be used whenever a user needs to build a robotics AI technical repository or research broad frontier topics such as VLA, RT-2, and Dreamer, without defining narrow activation criteria. Overly broad triggers can cause the skill to activate in loosely related conversations, steering outputs toward repository maintenance workflows even when the user did not request them and increasing the chance of irrelevant or policy-conflicting behavior.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The metadata and document content strongly frame the skill around Chinese-language output, including Chinese descriptions and guidance aimed at generating Chinese documentation, without indicating that output language should follow user preference. This can override user intent or system defaults, causing unauthorized language steering and reducing usability, especially in multilingual environments.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description is broad enough to activate for a wide range of robotics, AI repository, and research-assistance requests without clear boundaries. Over-broad activation can cause unintended routing, making the agent apply this skill in contexts where its instructions or assumptions are inappropriate, which can lead to policy drift, lower-quality handling, or accidental override of more suitable skills.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The requirement to add Chinese annotations establishes a language preference inside the skill without checking the user's requested language. While not a direct code-execution risk, this can override user intent or system-level language handling and create prompt-conflict behavior, especially in multilingual environments where predictable output constraints matter.

VirusTotal

67/67 vendors flagged this skill as clean.
