Real Estate Project Brand Storyline Strategy (地产项目品牌故事线策略)

Security checks across malware telemetry and agentic risk

Overview

This skill is a real-estate marketing writing assistant with disclosed document-reading and search behavior, and no executable code or hidden persistence.

Install this if you want a specialized real-estate branding and marketing assistant. Expect it to read project files you upload and use web/image search for current references. Specify the output language when it matters, and do not upload confidential plans, contracts, private financials, or personal data unless you are comfortable having the agent use them in generated content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 88%
Finding
The instruction to trigger whenever a user uploads real-estate project materials lacks boundaries on file purpose, consent, and requested task. That increases the chance the agent will auto-process sensitive or irrelevant documents and begin marketing-oriented transformations without confirming user intent, creating privacy and workflow-integrity risks.

Vague Triggers

Medium
Confidence: 88%
Finding
The instruction to trigger whenever a user uploads real-estate project materials lacks boundaries on file purpose, consent, and requested task. That increases the chance the agent will auto-process sensitive or irrelevant documents and begin marketing-oriented transformations without confirming user intent, creating privacy and workflow-integrity risks.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
Automatically choosing output language based on project geography or developer profile overrides user agency and can lead to unintended disclosure, confusion, or unsuitable outputs in multilingual contexts. In agent systems, silent defaults that materially change output format are risky because they may conflict with explicit or implicit user expectations.

VirusTotal

52/52 vendors flagged this skill as clean.
