Security audit

中东冲突报道

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only news briefing skill for Iran conflict updates, with disclosed formatting and sourcing rules and no executable code or privileged access.

Reasonable to install if you want structured Iran conflict briefings. Because this is fast-moving conflict news, specify your preferred language, ask for current reputable sources, and treat claims as uncertain unless independently verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is broad enough to match ordinary requests for conflict or news updates, which can cause the agent to invoke this specialized skill when the user did not explicitly ask for war-tracking or claim-verification output. That creates scope creep and can steer responses into a fixed framing, sourcing, and output format that may not fit the user’s intent, increasing the risk of inappropriate activation and misleading presentation in a sensitive geopolitical context.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The skill instructs the model to write in Chinese by default unless the user asks otherwise, overriding normal user-language expectations and potentially causing unauthorized language switching. In a high-stakes news and conflict-reporting skill, this can reduce usability, obscure meaning for users expecting another language, and create a mismatch between the user’s request and the agent’s output.

VirusTotal

65/65 vendors flagged this skill as clean.