Zhougong Dream

Security checks across malware telemetry and agentic risk

Overview

This is a local dream-interpretation skill with broad activation phrases but no evidence of hidden data access, persistence, network use, or destructive behavior.

Install only if you want dream-interpretation and fortune/cultural-style guidance to handle dream-related prompts. Treat results as entertainment or cultural reference, not medical or psychological advice, and avoid sharing sensitive personal details unless you are comfortable having them processed by this local skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding
The documented trigger phrases are very broad and include common, everyday dream-related terms in both Chinese and English, which can cause the skill to activate for ordinary user speech rather than clear invocation intent. In an agent ecosystem, unintended activation can hijack conversations, expose user inputs to the wrong skill logic, and interfere with safer or more appropriate handlers.

Natural-Language Policy Violations

Low
Confidence: 78%
Finding
The skill advertises mandatory bilingual Chinese/English behavior without indicating that the user can choose a single language or opt in to bilingual output. While not a direct code-execution risk, this can degrade consent, clarity, and privacy expectations by causing the system to transform or repeat sensitive dream content in an additional language the user did not request.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes very common phrases such as 'dream analysis', 'dream interpretation', '解梦', and '梦见', which are likely to appear in ordinary user conversation. This can cause the skill to activate unintentionally, hijack unrelated dream or mental-health discussions, and steer users into fortune-telling or psychological interpretation content without clear user intent.

Vague Triggers

Low
Confidence: 84%
Finding
The manifest defines broad triggers but does not specify boundaries, exclusions, or confirmation requirements for when the skill should run. In context, this increases the chance of over-invocation in casual dream discussions and may surface culturally authoritative but non-evidence-based guidance in situations where users did not intend to consult this tool.

VirusTotal

66/66 vendors flagged this skill as clean.
