Novel Character Graph

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent novel-analysis tool, but it explicitly allows dependency installation without user approval, including privileged system package setup.

Install only if you will require confirmation before any package installation, sudo command, ffmpeg run, or overwrite of local files. Use already-installed tools where possible, keep outputs in a dedicated folder, and be cautious opening generated HTML from untrusted novel content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs installing system packages without an explicit user warning or confirmation, including use of privileged package management. Encouraging environment modification from within a content-processing skill can lead to unauthorized system changes, increased attack surface, and execution of network/package-manager side effects unrelated to the user's immediate task.

Missing User Warnings

High
Confidence
99% confidence
Finding
The statement '无需用户批准即可安装依赖' ("dependencies may be installed without user approval") explicitly authorizes dependency installation without user approval. In a skill context, this normalizes unauthorized environment modification and can result in unexpected package downloads, privilege escalation attempts, and execution of third-party tooling with access to local files and metadata.

Ssd 3

Medium
Confidence
90% confidence
Finding
Permitting dependency installation without approval can expose user-provided files or environment details through package-manager logs, install scripts, plugin discovery, or invoked helper tools. While the data exposure is indirect, the skill context makes it unsafe because the task only requires novel analysis and does not justify uncontrolled environment changes.

VirusTotal

66/66 vendors flagged this skill as clean.
