ClawHub

jp-report

Security checks across malware telemetry and agentic risk

Overview

This skill coherently creates Japanese corporate-style HTML/PDF reports from user-provided material, with only disclosed local file handling and PDF conversion behavior.

Use this when you explicitly want a Japanese corporate-style report. Expect it to process the source material you provide, write HTML and PDF files to your chosen output folder, and run local Python/Chrome for PDF export. Avoid giving it confidential source files unless the selected output location and local machine are appropriate for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is broad enough to match generic requests like business reports, compliance documents, or security overviews, which can cause the skill to activate outside a narrowly intended scope. Over-broad triggering can unexpectedly steer user tasks into this workflow, including forced file handling and PDF generation steps, increasing the chance of unintended data processing or misuse.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill mandates formal Japanese output without checking whether the user requested Japanese, which can override user intent and cause unintended transformation of provided content. In this skill, that matters more because it rewrites source material into a formal report format, so accidental invocation could lead to incorrect deliverables, miscommunication, or processing of sensitive content into an unexpected externalized form.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal