Daily/Weekly/Monthly/Annual Work Report Summary

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent work-report generator that reads and saves reports in a disclosed workspace folder, with no evidence of malware, exfiltration, or hidden unrelated behavior.

Install only if you are comfortable with the skill reading and reusing prior reports stored in .workbuddy/reports/. Avoid storing confidential details there unless that folder is excluded from commits, sync, or shared workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

High
Confidence: 92%
Finding
The trigger definition is so broad that ordinary conversational text can invoke the skill unintentionally. In this skill, unintended invocation is more dangerous because it can cascade into reading stored reports and generating content from prior workspace data without a clearly bounded user request.

Vague Triggers

Medium
Confidence: 88%
Finding
Defaulting arbitrary keywords to a daily report creates ambiguous invocation and can cause the skill to act when the user did not intend report generation. Because this skill also persists outputs and may consult prior history, an accidental trigger can lead to unintended disclosure or writes in the workspace.

Vague Triggers

High
Confidence: 93%
Finding
Allowing '任意口水话' and unspecified keyword input makes invocation boundaries unclear and increases the risk of accidental activation. In context, that matters because activation is tied to data access and report generation, not just harmless formatting.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs automatic reading of historical report files without a clear, prominent warning at the time of use. That can expose prior user or workspace content unexpectedly, especially when the user only asked for a new report and may not realize stored materials will be pulled in.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes persistent file writes to the workspace without a prominent warning or opt-in around storage. Unexpected persistence can leak sensitive work summaries into project directories, where they may later be committed, synced, or accessed by others.

Ssd 3

Medium
Confidence: 96%
Finding
The instructions explicitly tell the skill to silently read and reuse prior report contents, which can resurface sensitive historical work details without confirmation at generation time. This is especially risky in a workplace context where prior reports may contain internal project names, incidents, security issues, or personnel details.

Ssd 3

Medium
Confidence: 95%
Finding
Generating reports from stored history when the user provides little or no new input can reveal older content the user did not intend to bring forward. In this skill's context, resurfacing past work summaries can expose confidential business information even when the current request was vague or casual.

VirusTotal

64/64 vendors flagged this skill as clean.
