Security audit

Typed Ontology Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but its Chinese instructions and requirement plan broaden an ontology helper into generic productivity, bug-fixing, and implementation support while allowing implicit invocation.

Install only if you want this skill to help design typed ontologies and knowledge-graph schemas. Review or revise the Chinese SKILL file and requirement plan first if your agent uses localized instructions or implicit skill routing, because they may cause the skill to run for unrelated productivity, bug-fix, or implementation tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (12)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The manifest description materially diverges from the skill’s declared purpose, focusing on generalized market-demand validation and adjacent-skill support instead of typed ontology and knowledge-graph workflow assistance. This can cause incorrect routing or activation, leading the agent to apply the skill in unrelated contexts and produce misleading or unsafe outputs because users and orchestrators cannot reliably infer the skill’s true behavior.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: The workflow and expected-output sections describe a broad generic productivity/support process rather than ontology-specific tasks. That mismatch weakens operator predictability and can make the skill overbroad, increasing the chance of inappropriate invocation and output generation outside the intended knowledge-modeling domain.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding: The requirement plan materially broadens the skill from ontology and knowledge-graph workflow design into generic bug-fixing, hardening, reliability, and adjacent-skill creation. That scope drift can cause an agent to apply the skill in unintended contexts, increasing the chance of overbroad actions, unsafe delegation, or outputs outside the reviewed capability boundary.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding: The executable plan authorizes generic artifact, workflow, analysis, and code-change production rather than constraining actions to ontology-specific deliverables. In an agent ecosystem, this kind of open-ended implementation language can be used to justify unintended modifications or broad task execution beyond the skill's safety-reviewed scope.

Description-Behavior Mismatch

Severity: Low
Confidence: 85%
Finding: The expected outputs and usage signals frame the skill as a general productivity helper, which weakens activation precision and increases the likelihood of invocation for unrelated tasks. While less severe than direct code-execution scope expansion, it still undermines least-privilege behavior and can route users into an ill-fitting workflow.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The skill's activation condition is framed broadly around turning loose notes, memory, business objects, or research material into a typed ontology, but it does not define clear boundaries for when a more specific skill should be preferred or when ontology work is unnecessary. In an agentic environment, this can cause over-triggering and misrouting, leading the agent to apply schema/modeling behavior to general productivity or note-taking tasks and potentially reshape user data in unintended ways.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The trigger keywords are generic terms like 'schema', 'ontology', 'agent memory', and 'structured notes', which commonly appear in many unrelated user requests. Because there is no disambiguation logic or required co-occurring conditions, the skill may activate too often and override more appropriate tools or workflows, increasing the risk of incorrect handling of user intent and unnecessary transformation of data.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger keywords are overly broad and include common terms such as 'knowledge', 'graph', 'structured', and 'creating', which can match many unrelated requests. Overbroad triggers increase accidental activation risk, causing context confusion, tool misuse, and lower-trust responses when the wrong specialized skill is selected.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The activation condition in the description is framed so broadly that it covers requests for practical workflows, artifacts, checklists, analysis, or implementation support around a loosely related demand statement. This unclear boundary can cause the skill to activate for generic productivity work instead of ontology-specific assistance, reducing controllability and increasing the chance of inappropriate outputs.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The skill enables implicit invocation without any visible activation constraints, exclusions, or scope limits. That can cause the agent to invoke this skill in contexts where the user did not explicitly request ontology/schema design, potentially exposing unrelated user data to the skill or causing unintended structured transformation of sensitive notes and memory content.

Vague Triggers

Severity: High
Confidence: 94%
Finding: A trigger sentence built around a broad everyday phrase is likely to activate on many unrelated user requests. In an agent setting, overbroad activation can cause the wrong skill to take control, leading to irrelevant guidance, unsafe task expansion, or interference with more appropriate guarded skills.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The trigger description lacks clear boundaries for when the skill should and should not activate, making dispatch ambiguous. In context, this is more dangerous because the skill already contains broadened productivity language, so vague triggers amplify the risk of accidental or inappropriate use.

VirusTotal

VirusTotal findings are pending for this skill version.