玄幻小说创作主编 (Fantasy Novel Writing Editor-in-Chief)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese fantasy-novel writing workflow that creates and resumes files in its own workspace, with no evidence of exfiltration, credential access, destructive behavior, or hidden execution.

Install this only if you want an autonomous Chinese fantasy-novel generator that may create many files and continue from prior files in its named workspace without asking follow-up questions. Keep unrelated private files out of that workspace, and review generated output paths before re-running if overwrites would matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README explicitly says the skill will automatically scan the workspace and continue from existing files, which implies local file access and inference over user data without a clear notice or consent step. In an agent setting, that can expose unrelated sensitive content in the workspace or cause the model to incorporate unintended files into the output.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
The '全程自主' (fully autonomous) behavior suppresses user confirmation for major creative decisions, which reduces user control and can lead to unwanted or costly output being produced without review. While this is not a classic security exploit, it is an unsafe autonomy pattern because the skill may take significant actions based on assumptions rather than explicit approval.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The activation criteria are extremely broad, causing the skill to auto-trigger on loosely related requests. Overbroad activation can hijack user intent, invoke unintended file operations, and increase the chance that the skill runs in contexts where the user did not consent to its workflow.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The startup instruction mandates immediate execution for any fantasy-novel-related utterance and explicitly forbids clarifying questions. This removes normal safety and consent checks, making accidental activation and unintended side effects more likely, especially because the skill also scans directories and writes files.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs automatic scanning of a workspace directory and repeated creation of files as part of its normal flow without a clear user-facing warning or confirmation. Silent filesystem interaction is dangerous because it can expose existing content, overwrite work, or create persistent artifacts the user did not expect.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding
The skill writes a final TXT artifact to a fixed output path without clearly notifying the user up front. While lower risk than arbitrary path handling, fixed-path file generation can still create unwanted files, leak project naming, or overwrite expected output in shared workspaces.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding
The skill content is written entirely in Chinese and defines a rigid Chinese-language output format without indicating that it should adapt to the user's language preference. In a multilingual agent environment, this can override user expectations, reduce usability, and cause downstream coordination failures if other skills or users expect another locale.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding
The skill explicitly instructs the agent to save a TXT file into the workspace at a fixed output path, but the skill description does not disclose to the end user that local files will be created or modified. This can lead to unexpected workspace changes, overwrite risks, and reduced user control, even though the action is aligned with the skill's formatting purpose rather than clearly malicious.

VirusTotal

64/64 vendors flagged this skill as clean.