Business Blueprint Skill

Security checks across malware telemetry and agentic risk

Overview

This looks like an offline blueprint and diagram skill, but it should be reviewed because its metadata claims sensitive/high-impact capabilities that the artifacts do not explain and it can persist raw command-line details in generated audit files.

Review the requested capability tags before installing; this skill should not need purchase authority, crypto access, OAuth tokens, or sensitive credentials for offline blueprint rendering. Avoid putting secrets, access tokens, or sensitive customer identifiers in command-line arguments, because export provenance files may preserve them. Expect local artifact generation and verify outputs before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence (Medium, 97% confidence)

Finding
The document promises validator protections such as soft-schema checks, relation integrity, cycle detection, and semantic validation, but the included sample validator code does not implement them. If implementers rely on this design as authoritative, malformed or hostile blueprint data could bypass the expected validation and reach downstream renderers or tooling, increasing the chance of crashes, logic abuse, or unsafe processing of untrusted structures.

Intent-Code Divergence (Medium, 95% confidence)

Finding
The function claims to compute a statistical significance p-value, but it returns fixed values based on simple improvement thresholds instead of performing a real statistical test. This can mislead downstream users or automated gates into believing results are statistically significant when they are not, undermining test integrity and potentially causing incorrect deployment or validation decisions.

Intent-Code Divergence (Medium, 97% confidence)

Finding
The script claims statistical significance for an A/B experiment, but later derives the p-value from a simple lift threshold rather than a real hypothesis test. This can mislead stakeholders into trusting unsupported performance claims, causing unsafe deployment or business decisions based on fabricated evidence.

Intent-Code Divergence (Medium, 94% confidence)

Finding
The code presents fixed or estimated values, such as layer accuracy, as measured comparison outcomes, which creates a deceptive evaluation artifact. In a testing/reporting skill this is dangerous because downstream users may treat the report as objective validation when parts of it are manually assumed.

Vague Triggers (Medium, 92% confidence)

Finding
The trigger phrase "帮我画一个微服务架构图" (roughly, "help me draw a microservice architecture diagram") is broad and overlaps with ordinary architecture-diagram requests that may belong to multiple skills or generic assistants. Without explicit exclusion or routing constraints, the system may invoke this skill in contexts where the user wanted a different tool or a narrower capability, causing incorrect skill selection and unintended access to blueprint-generation flows.

Vague Triggers (Medium, 95% confidence)

Finding
The English phrase "Create a strategy canvas showing our competitive advantages" is ambiguous and can match broad business strategy, presentation, or visualization intents outside this skill's intended scope. Because the file explicitly instructs that this phrase should trigger the blueprint skill rather than another candidate skill, it increases the risk of over-broad routing and misclassification of common user requests.

Natural-Language Policy Violations (Medium, 90% confidence)

Finding
The template is written entirely in Chinese and implicitly requires Chinese comprehension and output, with no indication that the language should follow user preference. In a general-purpose agent skill, forcing a language without user opt-in can cause incorrect task execution, user confusion, and a bypass of expected localization behavior, especially when the architectural guidance is meant to be reused broadly.

Natural-Language Policy Violations (Medium, 95% confidence)

Finding
The design document is written entirely in Chinese and includes user-facing prompts, examples, and workflow assumptions in Chinese without any language-selection or localization mechanism. This can cause the skill to ignore or override a user's preferred language, leading to misunderstanding of clarifications, incorrect approvals of diffs, and a reduced ability for the user to safely validate generated business artifacts.

Vague Triggers (Medium, 88% confidence)

Finding
The trigger list for architecture diagram generation includes broad terms like "diagram" and "--export", which can match ordinary discussion, documentation, or unrelated user requests. In an agent skill, overly broad routing can cause unintended file reads, generation actions, or writes to occur in the wrong context, increasing the chance of prompt-triggered side effects and confusing or unsafe behavior.

Missing User Warnings (Medium, 95% confidence)

Finding
The code persists the full process CLI arguments into a timestamped markdown file in the export directory. CLI arguments commonly contain secrets, local file paths, access tokens, customer identifiers, or other sensitive operational context, so this creates an unintended disclosure channel to disk without redaction or consent. In this skill context the file is explicitly intended as an audit/provenance artifact, which makes the leaked data more likely to be retained, shared, or committed.

VirusTotal

65/65 vendors flagged this skill as clean.
