ClawHub

Learn Deep

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese learning-workflow prompt with broad routing, but it does not request system access, credentials, persistence, or hidden actions.

Install this if you want a Chinese-language, structured deep-learning workflow for concepts. Be aware it may activate for simple 'what is X' style questions and ask for background before answering, so users who prefer concise direct answers may want narrower routing or a language policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are extremely broad (e.g., variants of 'what is X' or 'explain X'), which can cause this skill to activate for a large share of ordinary explanatory requests rather than only when the user wants the full five-perspective workflow. In an agent setting, over-broad routing can override more appropriate skills or default behavior, producing surprising responses, unnecessary questioning, and reduced controllability.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The file states this is the 'default entry' for users wanting to learn or understand a concept, but does not clearly distinguish when the agent should use this skill versus simply answering directly or choosing another explanatory behavior. That ambiguity creates routing instability and makes the agent easier to steer into an unintended multi-step flow, which is a control and reliability problem in skill-based systems.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The skill is authored entirely in Chinese and describes Chinese-language behavior without offering a language-selection mechanism or documenting that it is intentionally locale-specific. In a multilingual agent, this can cause unexpected language switching, user confusion, and degraded comprehension, especially if routing is based on semantics rather than the user's current language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal