ClawHub

Problem Mapper

Security checks across malware telemetry and agentic risk

Overview

The available evidence points to a broad, Chinese-language activation prompt issue, not hidden execution, data access, persistence, or destructive behavior.

Review the skill description before installing to make sure you want a Chinese-language workflow and that its activation scope fits your use case. Based on the supplied evidence, there is no indication of hidden code execution, credential use, persistence, or data exfiltration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation conditions are ambiguous and expansive, covering many generic problem-solving scenarios without clear boundaries. In an agent environment, this increases prompt-routing risk: the skill may activate in contexts where it is not appropriate, shaping responses, consuming tools, or biasing decisions unexpectedly.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation conditions are ambiguous and expansive, covering many generic problem-solving scenarios without clear boundaries. In an agent environment, this increases prompt-routing risk: the skill may activate in contexts where it is not appropriate, shaping responses, consuming tools, or biasing decisions unexpectedly.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The description is written entirely in Chinese and implicitly assumes a Chinese-language interaction model without offering language choice. While not directly enabling code execution or data exfiltration, this can mis-handle user intent, degrade usability for non-Chinese users, and cause incorrect or unexpected activation behavior in multilingual environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal