642件可写的小事

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local HTML writing-app generator, with the main caution that broad trigger phrases can cause it to create a workspace file unexpectedly.

Install this if you want an agent to generate a local creative-writing HTML app. Be aware that phrases about creative writing or writing inspiration may trigger it, and it may create or update data/642-things-to-write.html; writing saved inside the generated app persists locally in the browser until deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 92% confidence
Finding
The skill advertises broad trigger terms such as '创意写作', '写作灵感', and '写作应用', which are common phrases in ordinary conversation. This can cause accidental invocation of a skill that immediately generates and writes a file, creating unintended side effects without clear user intent.

Vague Triggers

Low, 88% confidence
Finding
The trigger section lists positive keywords but provides no exclusion conditions or disambiguation rules. In context, this increases the chance that normal discussion about writing prompts or H5 apps could activate the skill and lead to unwanted file generation.

Missing User Warnings

Medium, 95% confidence
Finding
The workflow instructs the bot to write a complete HTML file directly into the workspace by default, without a user-facing warning or confirmation. Automatic disk writes are dangerous because they create persistent side effects and could overwrite expectations or clutter the workspace when the skill is triggered unintentionally.

VirusTotal

61/61 vendors flagged this skill as clean.
