Career Counselor

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent career-counseling skill, but it instructs the agent to persistently rewrite its own reference files from web search results without clear user approval or review.

Install only if you are comfortable with a China-focused Chinese-language career counselor that may ask about family finances and education background. The main review concern is the self-updating knowledge-base instruction; run it in an environment where installed skill files cannot be modified automatically, or require explicit review before any reference-file changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The document explicitly authorizes the agent to persistently update its own reference files, expanding behavior from answering career questions into modifying local state. Self-modification creates a trust-boundary problem: external web content or ambiguous user prompts can become durable instructions/data, enabling prompt injection persistence, corruption of future advice, or unauthorized scope expansion across sessions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The self-evolution workflow includes a concrete file-writing process after web searches and internal validation, but that validation is still performed by the same agent and does not provide a real security control. This makes it possible for untrusted search results, adversarial content, or model mistakes to be persisted into the skill's knowledge base, turning transient errors into long-lived behavior changes.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The trigger phrases are broad enough to match ordinary uncertainty or stress statements such as '对未来很迷茫' or '不知道怎么选', which can cause the skill to activate outside clear career-planning intent. In a multi-skill environment, this can override more appropriate skills, steer users into an unintended workflow, and increase collection of sensitive personal context such as family finances or education details without sufficiently specific user intent.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding:
Forcing the assistant to address the user as '同学' and to use a fixed first-person style imposes a language/register choice without user opt-in. This is mainly a consent and UX boundary issue: it can feel presumptive, reduce accessibility for non-student or older users, and may cause misalignment in contexts where neutral or user-preferred address is safer and more respectful.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding:
The fallback matrix is written entirely in Chinese and presumes Chinese-language interaction without offering a language fallback or documenting that the skill is intentionally limited to Chinese-speaking users. This can exclude users who invoke the skill in another language, cause misunderstandings in high-stakes career guidance, and reduce accessibility and informed consent about locale limitations.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The example trigger phrase "我快毕业了很迷茫" is broad enough to overlap with common emotional or life-status statements that may appear in many unrelated conversations. This can cause the skill to activate outside clearly scoped career-planning intent, leading to incorrect routing, privacy over-collection, or interference with other more appropriate skills.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding:
The file content is entirely in Chinese and does not indicate that language should be selected based on the user's preference or locale. In a career-counseling skill, forcing one language can cause misunderstanding, inaccessible guidance, or exclusion for users who do not read Chinese, though it is not a direct security exploit.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding:
The skill defines output entirely in Chinese and does not provide any mechanism to honor the user's language preference or request clarification. This can cause unsafe or ineffective operation in multilingual environments, especially if users misunderstand career or job-search guidance due to a language mismatch.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding:
The file explicitly frames parent negotiation through a specific China-centric cultural lens ('中国式就业') and assumes that parental control and values are the default. In a career-counseling skill, this can cause the agent to impose culturally specific assumptions on users without first checking whether that framing fits their family, region, or values, leading to biased or inapplicable guidance.

VirusTotal

VirusTotal findings are pending for this skill version.