ClawHub

Sales Oratory Master

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a Chinese sales-coaching prompt helper with some output-quality and prompt-injection caveats, but no evidence of hidden access, persistence, exfiltration, or destructive behavior.

Install this if you want a Chinese-language sales objection-handling assistant. Review its generated messaging before sending it to customers, especially where language, compliance, or negotiation tone matters, and avoid pasting sensitive customer data unless you are comfortable having that context processed by the LLM runtime.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill is written to operate entirely in Chinese and mandates Markdown output in that language without any mechanism to respect the user's preferred language or document a necessary locale restriction. In a sales negotiation context, this can cause miscommunication, reduce user control, and lead to incorrect or noncompliant business messaging when deployed for users or customers expecting another language.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description uses broad natural-language triggers such as customer pushback on price, budget constraints, competitor comparison, or value doubt, which can match many ordinary enterprise-sales conversations. This can cause the skill to activate outside the user's intent and apply persuasion-oriented behavior automatically, increasing the risk of inappropriate responses or policy-noncompliant sales tactics in benign contexts.

Natural-Language Policy Violations

Low
Confidence
82% confidence
Finding
The metadata display name and description are written in Chinese without any indication that language should follow the user's preference. This can lead to responses or surfaced UI elements being presented in an unexpected language, causing confusion, miscommunication, and reduced transparency in a compliance-sensitive enterprise sales workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal