盗墓小说创作主编

Security checks across malware telemetry and agentic risk

Overview

This is a creative-writing skill that automates tomb-adventure novel drafting and file output, with no evidence of malware, exfiltration, or hidden privilege use.

Install only if you want an autonomous Chinese tomb-adventure novel generator. Use a dedicated workspace/output folder, avoid pointing it at sensitive directories, and expect it to make creative decisions without asking for clarification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The activation guidance is extremely broad and includes casual phrases that can match ordinary creative-writing requests, increasing the chance the skill is invoked when the user did not explicitly intend this specific workflow. Because the skill also claims it should proactively activate and then autonomously make decisions, accidental triggering can cause unexpected behavior, context hijacking, or unintended processing of user content.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The README states that the skill will scan existing files to detect continuation points and generate output artifacts, but it provides no warning, consent boundary, or description of what files may be read or written. In a skill ecosystem, undocumented file access and output generation can expose sensitive user data, overwrite content, or create side effects the user did not anticipate.

Vague Triggers

Severity: High
Confidence: 95%
Finding: The skill description is intentionally expansive and auto-invokes on a wide range of loosely related phrases, including generic terms such as "underground exploration" or style references. This can cause the agent to route unrelated user requests into this skill without clear user intent, overriding more appropriate skills and increasing the chance of unwanted long-form generation or unsafe behavior chaining.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding: The skill hard-codes a Chinese-language, persona-specific interaction style and instructs the agent to respond in a fixed way regardless of user preference. This can conflict with the user's requested language or locale, reduce transparency, and make the system ignore higher-level user needs in favor of the skill author's constraints.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The manifest description is broad and lacks clear trigger boundaries, which can cause the orchestrator to invoke this skill for loosely related prompts. Because the skill is designed to take over a full creative workflow and to activate on many vague phrases, it increases the chance of overreach, unintended routing, and prompt-scope capture beyond the user's actual intent.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill explicitly instructs writing a TXT file to a caller-specified path and creating directories if needed, but it provides no guardrails on what paths are allowed and no requirement for explicit user confirmation before modifying the filesystem. In an agent setting, this can enable unintended file writes, overwriting user data, or writing outside an expected workspace if the upstream caller supplies a dangerous path.

VirusTotal

56/56 vendors flagged this skill as clean.