ClawHub

myskill

Security checks across malware telemetry and agentic risk

Overview

This is a retrieval-only Tianchuang finance policy skill with no executable code or privileged behavior, though its generic finance triggers may activate more often than users expect.

Install only if you want Tianchuang finance-policy lookup behavior. Be aware that generic finance terms may trigger it, and verify that the referenced Tianchuang PDF corpus is authorized and current before treating returned excerpts as official policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad enough to activate on generic finance-related terms such as reimbursement, budget, payment, or risk, even when the user may not be asking about Tianchuang-specific documents. That can cause the skill to hijack unrelated conversations and inject corporate policy text or "无" responses in contexts where a different skill or normal assistant behavior should apply, reducing reliability and potentially exposing internal document excerpts more often than intended.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list is broad and includes common finance terms such as reimbursement, budget, payment, approval, and risk. This can cause the skill to activate during ordinary conversations that merely mention finance topics, increasing the chance of unintended document retrieval, policy exposure, or workflow interference in contexts where the user did not explicitly request this skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal