ClawHub

地产品牌社群运营顶层策略咨询

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language real-estate community strategy prompt with disclosed web research and visualization steps, not a skill that installs code or seeks privileged access.

Install only if you want a Chinese real-estate community operations consulting prompt. Avoid uploading unredacted customer research, personal data, confidential brand materials, or sensitive business strategy unless you are comfortable with the agent using that information in its response and related web-search workflow. Treat the referenced case-library files as unavailable in this package because only SKILL.md is included.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest says the skill must be invoked immediately whenever a wide set of real-estate community keywords appears. This broad mandatory trigger can cause over-invocation, hijack normal routing, and make the assistant apply the skill in contexts where it is only tangentially relevant, reducing user control and increasing the chance of inappropriate tool use.

Natural-Language Policy Violations

High
Confidence
90% confidence
Finding
The description is written to force Chinese-language behavior and does not provide any user-language negotiation. This can override the user's preferred language, degrade usability, and in multilingual environments can lead to incorrect or inaccessible outputs, though it is primarily a quality and policy issue rather than a direct security compromise.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal