ClawHub

Jue AI Awakening Engine

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language self-debugging prompt skill with broad activation triggers, but it is disclosed, no-code, and aligned with troubleshooting rather than hidden access or unsafe behavior.

Install this only if you want the agent to become more proactive and evidence-driven when stuck. Be aware it may activate on broad phrases like dissatisfaction or “try another way,” and keep normal approval boundaries for file changes, network calls, shell commands, account actions, and multi-agent sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill activates on extremely broad, common phrases such as user dissatisfaction or retry language, causing it to load in many normal conversations unrelated to actual failure recovery. This can override user intent and hijack the agent’s behavior, making the skill effectively always-on in ambiguous situations and increasing the chance of unsafe autonomous action.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The skill is written to operate in Chinese without offering a language-choice mechanism or documenting why Chinese is required. In a multilingual agent environment, this can confuse users, obscure safety-relevant behavior, and reduce transparency of what the skill is doing when it activates unexpectedly.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The file is entirely in Chinese and does not provide an alternate language option or document a justified locale requirement. In a safety-relevant agent skill, this can cause operators, auditors, or users who do not read Chinese to miss behavioral guidance and constraints, reducing reviewability and increasing the chance that risky instructions are misunderstood or not scrutinized.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal