ClawHub
Back to skill

Security audit

Qa Test Case Design

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese QA test-case design guide with no evidence of hidden execution, data exfiltration, persistence, or destructive behavior.

Install this if you want structured Chinese-language QA test case templates and coverage checklists. Be aware it may activate for broad testing-related requests and produce formal test-case output; ask explicitly for a lighter response or a different language when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill's activation criteria are broad enough to match common QA requests such as generic test case design, review, and coverage questions, which can cause the agent to invoke this skill outside a narrowly scoped context. Over-broad routing is dangerous because it can override more appropriate skills or user expectations, leading to incorrect workflow selection and potentially suppressing safer or better-scoped handling.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example trigger phrases are everyday, ambiguous requests that overlap with many normal QA interactions, increasing the chance of accidental invocation. This is risky because skill misrouting can cause the system to follow rigid output constraints or assumptions from this skill when another skill, or no skill at all, would be more appropriate.

Natural-Language Policy Violations

High
Confidence
84% confidence
Finding
The skill metadata and content strongly bias operation toward Chinese without indicating user-language negotiation or a justified locale restriction. While not directly enabling code execution or data exfiltration, forced language behavior can degrade user control, increase misunderstanding, and cause incorrect or inaccessible outputs in multilingual environments.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal