duange-zero-skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a beginner-focused Chinese skill-creation guide with no executable code or hidden data access, though its trigger examples and templates should be tightened before relying on generated skills.

Safe to install for drafting Codex Skills, especially for Chinese-speaking beginners. Before publishing or using any generated skill, review its trigger phrases, add clear non-trigger cases, and keep explicit confirmations for deletion, overwriting, posting, payments, authorization, private files, and credentials.

SkillSpector (4)

By NVIDIA

Vague Triggers

Medium
Confidence
93% confidence
Finding
The listed trigger phrases are very broad and map to common conversational requests, so this skill could activate in situations where the user did not clearly intend to invoke a skill-construction workflow. In an agent environment, ambiguous routing can cause unintended capability exposure, confuse task boundaries, and increase the chance that the wrong instructions or files are generated for unrelated requests.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill content is entirely written in Chinese and directs the interaction in Chinese without offering any language selection or fallback. This can exclude or confuse users who operate in other languages, causing misunderstanding of prompts, incorrect skill configuration, or failure to use the skill safely and effectively.

Vague Triggers

Medium
Confidence
89% confidence
Finding
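The trigger description in the minimal template is written only as "use when the user says certain trigger words", without requiring the author to define explicit trigger conditions, exclusion conditions, or scope of applicability. For a template meant to guide beginners in creating a Skill, this will be inherited directly by downstream skills, causing skills to be invoked unexpectedly in unsuitable contexts and, in turn, to trigger processing flows that should not run.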

Vague Triggers

Medium
Confidence
93% confidence
Finding
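The "When to use" section gives only an open-ended placeholder of the form "when the user ...", without requiring a statement of input prerequisites, task boundaries, permission-sensitive conditions, or conflict scenarios. This repository's skill is aimed at users who cannot program, and this oversimplification will systematically produce skills with unclear boundaries, increasing the risk of false triggering, mistaken execution, and insufficient constraints before sensitive operations.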

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.
