网红水族馆 (Internet-Famous Aquarium)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill has no code-level access risk, but its aquarium label conflicts with hiking-style route and safety guidance that could mislead users.

Review before installing. This skill does not appear to run code or access data, but its content should be corrected so aquarium guidance focuses on exhibits, tickets, hours, transit, accessibility, crowds, and venue rules rather than hiking-route criteria.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill’s body documents hiking and outdoor route-planning features such as mileage, elevation, road conditions, emergency retreat, and trail logistics, which materially conflict with the declared aquarium purpose. This kind of semantic mismatch can cause the wrong skill to be invoked for user requests, leading to unsafe or misleading guidance and breaking routing and trust assumptions in the agent ecosystem.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The documented behavior clearly describes outdoor hiking/trail guidance rather than aquarium recommendation and visit assistance. A mis-scoped skill can be selected in inappropriate contexts and provide irrelevant or unsafe advice, especially where users rely on the assistant to match domain-specific planning and safety considerations correctly.

Vague Triggers

Medium
Confidence: 84%
Finding
The activation description is broad enough to match generic travel-planning or itinerary requests, not just aquarium-related queries. Overbroad triggering increases the chance of accidental invocation, causing cross-domain interference and exposing users to the wrong workflow or recommendations.

VirusTotal

64/64 vendors flagged this skill as clean.
