中文自媒体内容工厂

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese social-media writing skill with broad activation wording but no code, credentials, account access, or publishing authority.

Install this only if you want a Chinese social-media copywriting assistant. Because its triggers are broad, confirm it is the right skill for generic writing tasks, and review generated content for factual accuracy, copyright, platform rules, and marketing claims before publishing. Avoid pasting private customer or business information into prompts unless you are comfortable using it for content generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases described in the skill metadata and examples are broad content-creation requests such as '写文案' and '内容创作', which can easily overlap with ordinary user intent and cause the skill to activate unexpectedly. Over-broad activation increases the chance of prompt/context hijacking, misrouting benign conversations into this skill, and applying platform-specific persuasive or SEO behavior when the user did not explicitly request it.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases are broad generic terms such as 写文案, 内容创作, and 公众号文章, which are likely to match many ordinary requests and activate the skill when the user did not specifically ask for it. This can cause unintended routing, override more appropriate skills, and lead to confusing or policy-misaligned behavior, especially in environments where skills are selected automatically.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The description strongly anchors the skill as Chinese-language output and lists Chinese-only use cases without indicating user choice or language fallback. In an auto-invocation system, this can cause the assistant to switch language unexpectedly, reducing user control and creating confusing or inaccessible responses, though it is not a direct code-execution or data-exfiltration risk.

VirusTotal

66/66 vendors flagged this skill as clean.
