ClawHub

Today in History - 历史上的今天

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward today-in-history lookup that sends a date and API key to the disclosed JisuAPI service.

Install this if you are comfortable using a JisuAPI key for a third-party history lookup. Use a dedicated key where possible, expect requests to consume provider quota, and ensure the Python requests package is available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger description uses broad phrasing like '或类似历史纪事问题' without clear boundaries, which can cause the agent to invoke the skill for loosely related prompts. Over-broad invocation can leak user queries to the external API unnecessarily and increase unintended network access or incorrect routing.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The usage examples include generalized everyday phrasing that broadens the activation surface beyond a narrowly scoped 'today in history' lookup. In an agent setting, vague examples can lead to non-deterministic tool selection and unnecessary disclosure of user input to a third-party service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal