china-data-compliance

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable guidance skill for China data compliance, with a visible but under-explained third-party web app link users should treat carefully.

Use this as general technical guidance only, not legal advice. Before installing, note that it contains a third-party web app link with no clear ownership or data-handling disclosure; avoid pasting personal data, regulated business data, contracts, or compliance materials into that service unless you have separately reviewed its operator, privacy terms, storage location, and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is framed as legal/data-compliance guidance but includes promotion of an unrelated external web app for prohibited-word/SEO checks. Embedding a commercial external service inside a compliance skill creates scope drift, increases phishing/supply-chain risk, and may cause users to send sensitive compliance data to an unvetted third party.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list is overly broad and can activate on generic privacy/compliance terms, causing the skill to engage outside its intended China-specific legal context. Over-broad activation can inject jurisdiction-specific advice into unrelated conversations, increasing the chance of misleading guidance or inappropriate workflow steering.

VirusTotal

2/64 vendors flagged this skill as malicious, and 62/64 flagged it as clean.
