ClawHub

Industry Insight - 行业洞察分析

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Chinese-language industry research helper that uses disclosed web research and contains no executable code or hidden persistence.

Install this if you want a Chinese-language workflow for structured industry research. Expect it to run web searches and fetch public pages; avoid entering confidential business plans, private company data, or sensitive investment assumptions, and verify important market numbers against primary sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are very broad (e.g. generic terms for industry analysis and market research) and the README does not define clear activation boundaries. This can cause unintended invocation in unrelated conversations, leading the agent to perform web searches or structured analysis when the user did not explicitly request this skill, increasing the risk of context confusion and unnecessary external tool use.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are overly broad and include common requests such as '行业分析' and '市场分析', which can cause the skill to activate for ordinary analytical conversations that were not intended to invoke this workflow. This increases the risk of unintended tool use, scope hijacking, and user confusion, especially because the skill is designed to perform external searches and generate structured outputs automatically.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal