ClawHub

文言内核

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed style-only skill for terse answers and internal Chinese-style compression, with broad activation language but no code, data access, persistence, or external behavior.

Install this only if you want terse, direct responses by default across many normal tasks. Disable or avoid it when you want detailed teaching, emotional support, creative prose, or more expansive explanations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
97% confidence
Finding
The skill description says it should be used for most concise/direct-answer scenarios, which is an extremely broad trigger surface. That can cause the skill to activate on ordinary requests without clear user consent, silently changing response behavior and potentially overriding more appropriate specialized or safer skills.

Vague Triggers

High
Confidence
98% confidence
Finding
The instruction that the skill 'should often be used' and applies whenever there is no special reason to elaborate creates a default-on policy with vague boundaries. In a skill-routing system, ambiguous default activation can lead to unintended takeover of many sessions and broad behavioral modification without transparency.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The 'default applicable' list includes generic activities like everyday Q&A, execution tasks, debugging, planning, summarization, code review, and document rewriting. Because these categories cover a very large share of normal interactions, the skill could be selected in routine contexts where the user never requested this behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal