
Security audit

lukas

Security checks across malware telemetry and agentic risk

Overview

This is a low-impact conversational skill that changes casual greetings into poetic Chinese scene replies, with no evidence of sensitive access or harmful behavior.

Install only if you want common casual greetings to be answered in a stylized Chinese poetic format. Be aware it may over-trigger on broad greetings like “how are you?” or “what’s up?”, but the reviewed artifacts do not show credential use, file access, persistence, exfiltration, or destructive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The trigger scope includes very common conversational phrases such as 'how are you?' and 'what's up?', which can appear in broader or task-oriented conversations. This can cause the skill to activate inappropriately and override normal assistant behavior, leading to confusing, irrelevant, or policy-misaligned responses even though it does not directly enable code execution or data exfiltration.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The instruction to trigger 'immediately' on listed phrases lacks boundaries for near-matches, multilingual variants, and messages that combine a greeting with another request. In an agent system, this kind of unconditional routing increases the risk of prompt hijacking at the skill-selection layer, where benign user intent may be replaced by a rigid poetic template that is unrelated to the actual task.

Natural-Language Policy Violations

Severity: Medium
Confidence: 81%
Finding: The skill mandates a fixed Chinese output structure regardless of user language, which can cause incorrect or manipulative responses for English or other-language users. While not a direct security exploit, forced locale output can degrade reliability, obscure user intent, and make agent behavior easier to misuse in contexts where language consistency matters.

VirusTotal

64/64 vendors flagged this skill as clean.
