头脑超级风暴 (Super Brainstorm)

Security checks across malware telemetry and agentic risk

Overview

This is a planning skill that may read project context and create a committed design document, but those actions are disclosed and fit its purpose.

Install this if you want a structured design-planning workflow. Before use, be aware it may inspect project files and git history, then create a design document and commit it; review the generated plan and approve any git action explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding:
The skill’s scope expands from ideation into state-changing actions by instructing the agent to write a design document and commit it to git. This is dangerous because users invoking a brainstorming skill may not expect filesystem or version-control modifications, which can create unauthorized workspace changes and persistent history entries.

Vague Triggers

Medium
Confidence: 88%
Finding:
The trigger condition is extremely broad, stating the skill must be used before essentially any creative work, feature addition, or behavior change. Overbroad invocation increases the chance the skill is auto-selected in inappropriate contexts, which can unnecessarily expose project context and lead to unintended downstream actions such as file writes or commits.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The document directs the agent to write to docs/plans and commit to git without requiring an explicit user-facing notice that the workspace and version history will be modified. Hidden or insufficiently disclosed state changes are risky because they can surprise users, alter repositories, and make unintended changes durable through commits.

VirusTotal

64/64 vendors flagged this skill as clean.