teaching-app-builder

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a disclosed single-file teaching HTML generator, but users should review CDN and Markdown-sanitization choices before using outputs with sensitive or untrusted content.

Install this if you want a local teaching-page generator and are comfortable reviewing the generated HTML. For sensitive environments, replace or pin CDN dependencies and avoid rendering untrusted Markdown directly; add sanitization such as DOMPurify or use safer text rendering before sharing generated pages.

SkillSpector (3)

By NVIDIA

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The skill description is triggered by very broad phrases such as '做个网页/做个演示/可视化一下这段内容', which can match many ordinary requests and cause the agent to invoke this skill when the user did not explicitly want a teaching-style single-file HTML artifact. That can lead to scope hijacking, unexpected file generation, and misrouting away from safer or more appropriate skills/workflows.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The file explicitly recommends loading third-party JavaScript from public CDNs and provides an automatic fallback pattern using `document.write`, but it does not mention any integrity pinning, self-hosting, version governance, or trust/privacy implications. In a skill that generates single-file HTML apps for end users, this guidance can cause downstream apps to execute remote code from external providers at page load, creating a real supply-chain and privacy risk if a CDN, mirrored package, or dependency path is compromised or blocked and silently replaced.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The example assigns the result of `marked.parse(mdText)` directly to `innerHTML`, which can turn untrusted Markdown containing raw HTML into executable DOM content. In the context of a skill that generates single-file teaching apps from user-provided text, this is especially risky because users are likely to feed arbitrary content into the generated page, making XSS/script injection a realistic outcome.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.
