Ai Company Ciso 2.0.0

Security checks across malware telemetry and agentic risk

Overview

This CISO governance skill is mostly transparent, but it should be reviewed because it describes automatic containment and executive crisis actions with broad routing and inconsistent approval limits.

Install only if you intend to use it as a security-governance advisor or have approved incident-response playbooks behind it. Before connecting it to real APIs, agents, or crisis workflows, define who can approve containment, which systems may be isolated or shut down, whether CEO timeout escalation is allowed, and how rollback and audit review work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%

Finding
The manifest describes the skill only as a generic 'AI Company skill' while the declared skill metadata and trigger set indicate a high-privilege CISO/security function covering incident response, penetration testing, compliance, and executive security workflows. This mismatch can cause reviewers, users, and automated governance systems to underestimate the skill’s security-sensitive scope, leading to improper approval, routing, or trust decisions.

Vague Triggers

Severity: Medium
Confidence: 91%

Finding
The trigger list contains very broad terms such as '信息安全' (information security), '网络安全' (network security), '渗透测试' (penetration testing), and '安全审计' (security audit), which can cause the skill to activate for many generic security-related prompts. Over-broad activation increases the chance that this governance-heavy skill overrides more appropriate specialist skills or injects its workflow into unrelated requests, creating prompt-routing and policy-confusion risk.
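Both findings above (Description-Behavior Mismatch and Vague Triggers) can be checked mechanically before a skill is installed. The script below is an added example and is not code from the skill, its author, or SkillSpector. The manifest schema (description, metadata.functions, triggers, actions), the two comparison skills, the generic-term list, and the sample prompts are assumptions constructed for the demo; only the four CJK trigger strings quoted in the finding come from the page. It also goes one step beyond the report by simulating a naive substring router, which makes the override and capture behaviour the finding describes visible on concrete prompts.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample manifests. The schema (description, metadata.functions,
# triggers, actions) is an assumption, not the skill's real format. Only the
# four CJK triggers on the first skill are taken from the finding; the two
# comparison skills are invented for contrast.
SKILLS: Dict[str, dict] = {
    "ai-company-ciso": {
        "description": "AI Company skill",
        "metadata": {"functions": ["incident response", "penetration testing",
                                   "compliance", "executive security"]},
        "triggers": ["信息安全", "网络安全", "渗透测试", "安全审计",
                     "CISO", "incident response"],
        "actions": ["isolate_host", "shutdown_service", "notify_ceo"],
    },
    "pentest-planner": {
        "description": "Plans authorized penetration testing: scope, "
                       "rules of engagement, reporting",
        "metadata": {"functions": ["penetration testing"]},
        "triggers": ["渗透测试范围", "pentest scope", "rules of engagement"],
        "actions": [],
    },
    "audit-notetaker": {
        "description": "Drafts security audit meeting notes",
        "metadata": {"functions": ["compliance"]},
        "triggers": ["安全审计记录", "audit notes"],
        "actions": [],
    },
}

# Bare domain words that should not route a request to a privileged skill on
# their own. Starting list (constructed); extend it for your platform.
GENERIC_TERMS = {
    "信息安全", "网络安全", "渗透测试", "安全审计", "ciso",
    "information security", "cybersecurity", "security",
    "penetration testing", "pentest", "security audit",
}

# Declared capabilities that the human-readable description must disclose.
SENSITIVE = {
    "incident response", "penetration testing", "executive security",
    "isolate_host", "shutdown_service", "notify_ceo",
}


def norm(s: str) -> str:
    """Case-fold and collapse whitespace so comparisons ignore casing/spacing."""
    return re.sub(r"\s+", " ", s.strip().casefold())


def broad_triggers(skill: dict) -> List[str]:
    """Vague Triggers check: triggers that are nothing but a generic term."""
    return [t for t in skill["triggers"] if norm(t) in GENERIC_TERMS]


def undisclosed_capabilities(skill: dict) -> List[str]:
    """Description-Behavior Mismatch check: sensitive functions or actions the
    manifest declares but the description never mentions."""
    desc = norm(skill["description"])
    declared = skill["metadata"]["functions"] + skill["actions"]
    return sorted(c for c in declared
                  if c in SENSITIVE and norm(c.replace("_", " ")) not in desc)


def shadowed_triggers(skills: Dict[str, dict]) -> List[Tuple[str, str, str, str]]:
    """Triggers of one skill that are substrings of another skill's trigger:
    the broad trigger fires on every prompt the specific one fires on."""
    out = []
    for a, sa in skills.items():
        for b, sb in skills.items():
            if a == b:
                continue
            for t in sa["triggers"]:
                for u in sb["triggers"]:
                    if norm(t) in norm(u):
                        out.append((a, t, b, u))
    return out


def route(prompt: str, skills: Dict[str, dict]) -> List[str]:
    """Naive substring router, the way many skill hosts dispatch: every skill
    with a trigger appearing in the prompt becomes a candidate."""
    p = norm(prompt)
    return [name for name, s in skills.items()
            if any(norm(t) in p for t in s["triggers"])]


def lint(skills: Dict[str, dict]) -> Dict[str, dict]:
    """Per-skill report combining the two checks plus a privilege flag."""
    return {name: {"broad_triggers": broad_triggers(s),
                   "undisclosed": undisclosed_capabilities(s),
                   "privileged": bool(s["actions"])}
            for name, s in skills.items()}


if __name__ == "__main__":
    import json
    print(json.dumps(lint(SKILLS), ensure_ascii=False, indent=2))
    print(shadowed_triggers(SKILLS))
    # A routine pentest-scoping request reaches the privileged skill too ...
    print(route("帮我写一份渗透测试范围说明", SKILLS))
    # ... and an unrelated training question reaches only the privileged skill.
    print(route("我们的网络安全培训什么时候开始", SKILLS))
```

Run against the constructed manifests, the lint flags five of the governance skill's six triggers as bare generic terms and lists six declared capabilities (including host isolation and service shutdown) that its one-line description never discloses, while both comparison skills pass. The shadowing check shows the generic '渗透测试' and '安全审计' triggers are substrings of the specialists' more specific triggers, so every prompt that would reach a specialist also reaches the privileged skill; the router calls make the same point on two prompts. Treat any privileged skill with non-empty broad_triggers or undisclosed lists as needing the approval and routing review described in the overview.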

Natural-Language Policy Violations

Severity: Medium
Confidence: 82%

Finding
The top-level description is written exclusively in Chinese and frames the skill behavior around Chinese-language output without signaling user language choice. While not directly enabling code execution, this can cause unintended language coercion, reduce user comprehension, and interfere with accurate handling of security-critical requests if invoked for non-Chinese users.

VirusTotal

66/66 vendors reported this skill as clean. Note that an antivirus result covers the packaged files only; it says nothing about the trigger, routing, and description issues listed above.
