Universal Occupation Adapter

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it can steer an agent to generate and auto-publish new skills too broadly without enough review or user control.

Use this only as a local drafting aid unless you have added your own review gates. Disable or ignore auto-publish behavior, inspect every generated skill before sharing it, and avoid using it to create authoritative medical, legal, financial, or safety-critical guidance without expert review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence: 87%
Finding
The heartbeat trigger says only to check for new occupation-adaptation requests in a queue, but it does not define who can enqueue requests, how often the check runs, or what validation and authorization gates must be applied before downstream processing. In an auto-generating skill context, this ambiguity can enable unintended or unbounded activation, causing unauthorized task execution, queue abuse, or generation of unsafe skills at scale.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
The README presents the skill’s core behavior and description entirely in Chinese without indicating language selection, fallback behavior, or user opt-in. In a general-purpose skill that auto-generates occupation-specific cognitive content, this can mislead or exclude users, cause unintended prompt/output language changes, and increase the risk of unsafe or misunderstood instructions when operators expect another language.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill is explicitly framed as a universal adapter for generating skills for any occupation, but it does not define clear invocation boundaries, exclusions, or safety gating for regulated or high-risk professions. In an agent ecosystem, this broad scope can cause the skill to be applied in inappropriate contexts and produce authoritative-seeming guidance for domains like medicine, law, or finance without sufficient safeguards.

Vague Triggers

Medium
Confidence: 92%
Finding
The repeated claim that the adapter can automatically generate skills for any profession reinforces an effectively unbounded operating scope. Because no activation phrases, denial conditions, or domain restrictions are specified, downstream agents may over-invoke it and create unsafe artifacts for specialized domains with legal, medical, privacy, or safety implications.

Missing User Warnings

Medium
Confidence: 96%
Finding
The batch generation example includes auto-publishing generated skills without any visible warning, approval checkpoint, or description of what files or registries will be modified. This is dangerous because it enables an agent to create and distribute unreviewed artifacts at scale, potentially publishing unsafe, misleading, or policy-violating skills into shared environments.

VirusTotal

62/62 vendors flagged this skill as clean.
