Work Mode Switch

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a mode-switching assistant prompt, but its broad automatic activation and execution-oriented modes need review before installation.

Review this skill before installing. It does not show evidence of malware or data theft, but it may let the agent infer modes from vague phrases and proceed in execution, self-check, or self-learning flows without enough explicit confirmation. Install only if you are comfortable with that behavior, and prefer a version that requires explicit mode commands and confirmation before file changes or autonomous follow-up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium. Confidence: 95%.

The quick-reference table labels the 自检 (self-check) mode as '自动执行' (auto-execute), which directly contradicts earlier sections that repeatedly say this skill is documentation-only and does not perform actions. This inconsistency can lead downstream agents or users to believe the skill authorizes autonomous system-check behavior, increasing the risk of unintended file or system operations.

Intent-Code Divergence

Severity: Low. Confidence: 91%.

The quick-reference table says 自学 (self-learn) mode '独立推进' (advances independently), while the main body says it only provides learning suggestions and does not automatically perform learning actions. This mismatch weakens the safety boundary and may encourage an agent to continue autonomous behavior beyond what the user intended.

Vague Triggers

Severity: Medium. Confidence: 93%.

The skill defines implicit activation behavior that auto-detects mode changes when the user gives no clear instruction or describes a task vaguely. In an agent framework, this can cause the skill to engage unexpectedly during ordinary conversation and alter agent behavior without explicit user consent, increasing the chance of unintended actions or unsafe mode escalation.

Missing User Warnings

Severity: Medium. Confidence: 89%.

The Execute mode is described as directly doing work and creating documents, but the README does not prominently warn that this mode has real side effects. Users may invoke it without understanding that it can create or modify files or otherwise act immediately, which raises the risk of unintended state changes in the environment.

Vague Triggers

Severity: Medium. Confidence: 93%.

Many trigger phrases are common conversational expressions such as '聊聊' (let's chat), '你怎么看' (what do you think), '检查' (check), or '马上' (right away), which are likely to appear in ordinary user dialogue with no intent to switch modes. This creates prompt/skill ambiguity in which the agent may enter a more permissive or action-oriented mode unexpectedly, leading to unintended behavior.

Vague Triggers

Severity: Medium. Confidence: 90%.

The default behavior says the skill will infer the task type and auto-select a mode when no explicit instruction is given. Automatic mode inference broadens the activation scope and can bypass user intent, especially in a skill that includes execution-oriented modes and mode-specific constraints.

Vague Triggers

Severity: Medium. Confidence: 94%.

The implicit switching rules permit automatic activation based on loose interpretation such as '自动判断' (judge automatically) and '必要时问一句' (ask a question when necessary), without clear boundaries or conflict resolution. In practice this makes the skill susceptible to accidental activation and prompt collisions, especially because several modes imply different levels of operational authority.
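The overview recommends a version of this skill that only switches modes on explicit commands and confirms before entering a mode with side effects. The following is an added example of what that gate looks like in code; it is not part of the scanned skill or of SkillSpector. The mode names are taken from the report (discuss, review, execute, self-check, self-learn), while the `/mode <name> [--confirm]` command syntax and the `handle`, `run`, and `bait_is_inert` helpers are assumptions made for illustration. The conversational phrases the findings flag as overly broad triggers are included only to show that they never change the mode.

```python
"""Explicit mode switching with a confirmation gate (constructed example).

Rule 1: a mode changes only on an explicit command line such as "/mode review".
Rule 2: modes that can create or modify files or act autonomously additionally
        require "--confirm"; without it the request is refused, not inferred.
Rule 3: ordinary messages, including phrases a vague-trigger skill would
        treat as mode switches, are answered in the current mode unchanged.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Modes with real side effects (per the report: execute creates documents,
# self-check and self-learn are labelled auto-execute / advance independently).
SIDE_EFFECT_MODES = {"execute", "self_check", "self_learn"}
READ_ONLY_MODES = {"discuss", "review"}
ALL_MODES = SIDE_EFFECT_MODES | READ_ONLY_MODES

# Conversational phrases the report flags as keyword-baiting triggers.
# They appear here only to prove they are inert under explicit switching.
BAITED_PHRASES = ("聊聊", "你怎么看", "检查", "马上")

# Assumed command syntax: "/mode <name>" optionally followed by "--confirm".
_MODE_CMD = re.compile(r"^/mode\s+(?P<mode>[a-z_]+)(?P<confirm>\s+--confirm)?\s*$")


@dataclass
class Session:
    mode: str = "discuss"                      # start in the least privileged mode
    trace: list[tuple[str, str]] = field(default_factory=list)


def handle(session: Session, text: str) -> str:
    """Process one user message; return a short action tag for the caller/UI."""
    m = _MODE_CMD.match(text.strip())
    if m is None:
        # Not a command: no inference, no keyword matching. Answer as-is.
        session.trace.append((text, session.mode))
        return f"reply:{session.mode}"
    mode = m.group("mode")
    if mode not in ALL_MODES:
        return f"error:unknown mode {mode}"
    if mode in SIDE_EFFECT_MODES and not m.group("confirm"):
        # Side-effect mode requested without confirmation: refuse and explain.
        return f"needs_confirm:{mode}"
    session.mode = mode
    session.trace.append((text, mode))
    return f"switched:{mode}"


def run(messages: list[str]) -> list[str]:
    """Replay a transcript through a fresh session and return the action tags."""
    session = Session()
    return [handle(session, t) for t in messages]


def bait_is_inert() -> bool:
    """True if none of the flagged conversational phrases changes the mode."""
    session = Session()
    replies = [handle(session, p) for p in BAITED_PHRASES]
    return all(r == "reply:discuss" for r in replies) and session.mode == "discuss"


if __name__ == "__main__":
    # Constructed transcript: bait phrases, an unconfirmed execute request,
    # a confirmed one, and a read-only downgrade that needs no confirmation.
    transcript = ["检查", "/mode execute", "/mode execute --confirm", "马上", "/mode review"]
    for msg, action in zip(transcript, run(transcript)):
        print(f"{msg!r:32} -> {action}")
```

The key property is that the only way to reach execute, self-check, or self-learn is an explicit command plus explicit confirmation in the same request; a phrase like '检查' (check) in normal conversation is handled as text in the current mode and never escalates authority.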

VirusTotal

65/65 vendors reported this skill as clean.