China 3C Marketing Assistant (中国3C营销助手)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent China consumer-electronics marketing assistant, with some privacy and routing cautions around comment imports and implicit activation.

Install if you want an offline-first China 3C marketing and risk-review workflow. Before importing comments, subtitles, scraped pages, or customer feedback, confirm you have authorization, remove usernames and identifiers where possible, avoid login-gated scraping, and review any proposed knowledge-base or SKILL.md updates before applying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 88%
Finding
The default_prompt is written as a broad capability advertisement rather than a narrowly scoped activation cue, which can cause the agent framework to invoke this skill for loosely related requests about Chinese product launches, marketing, KOLs, or comment simulation. Because the skill covers persuasive messaging and negative-comment handling, unintended triggering could steer responses into higher-risk marketing or reputation-management behavior without explicit user intent.

Vague Triggers

Medium
Confidence: 93%
Finding
Enabling allow_implicit_invocation without documented constraints allows the platform to auto-select this skill based on vague semantic similarity instead of explicit user choice. In this context, the skill's focus on launch strategy, KOL/channel planning, and negative-comment response increases the chance of unrequested persuasive or reputation-management assistance being injected into conversations.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger conditions rely on broad natural-language phrases like '处理新数据' ("process new data") and '我导入了新文件' ("I imported a new file"), plus an implicit filesystem event ('工作目录中出现新的原始数据文件', "a new raw data file appears in the working directory"). This can cause the subagent to activate unexpectedly during ordinary conversation or when unrelated files appear, leading to unintended processing or downstream file modifications without clear user intent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The document instructs the agent to update category index files and the main SKILL.md entry point after processing, but does not require notifying the user that skill documentation or indexing files will be modified. In an agent setting, silent modification of control or reference files can create integrity and auditability issues, especially if raw data is untrusted or the user expected read-only analysis.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger conditions include very common phrases such as “帮我检查” ("help me check"), “审核” ("review"), and “这个靠谱吗” ("is this reliable?"), which can match ordinary user requests outside the narrow fact-checking context. In an agentic system, overly broad activation can cause the wrong subagent to intercept benign conversations, misroute tasks, or apply adversarial-review behavior where it was not intended, degrading reliability and potentially blocking or distorting normal outputs.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger conditions are broad enough to match generic requests such as 'help me do promotion' or 'how to launch this,' which increases the chance the skill is invoked outside its intended scope. In an agent setting, unintended invocation can steer workflows, shape recommendations, or cause downstream actions based on a specialized marketing template when the user did not explicitly request it.

Missing User Warnings

Medium
Confidence: 92%
Finding
The guide explicitly encourages users to import exported social-media comments and review subtitle files, which can contain personal data, usernames, handles, voice transcripts, and other sensitive information, but it provides no privacy notice, minimization guidance, or handling restrictions. In a marketing workflow, this creates a realistic risk of unnecessary collection, retention, and reuse of personal data in ways that may violate privacy expectations or platform/legal requirements.

VirusTotal

63/63 vendors flagged this skill as clean.
