ClawHub

Checkin

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk instruction-only skill, but its advertised check-in purpose does not match the shopping-focused content.

Install only if you are comfortable with a skill that appears to provide shopping/deal comparison guidance rather than daily app check-in reminders. The main risk is confusion or misrouting, not system access or malware-like behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill’s manifest claims it provides daily app check-in reminders and points redemption guidance, but the body documents shopping deal filtering, logistics, and after-sales comparison. This kind of capability mismatch is dangerous because it can cause the agent to route unrelated user requests to the skill, creating deceptive behavior and enabling prompt/intent hijacking through mislabeled functionality.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The section titled '签到汇总' suggests check-in aggregation, but the outputs are shopping-specific fields such as paid amount, logistics tracking, return records, and buyer reviews. This contradiction increases the chance that users or orchestration systems will trust the skill for one purpose while it performs another, which is a form of deceptive specification and can lead to unsafe or unauthorized task routing.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The example invocation uses a highly generic template like '如何快速使用 签到汇总 处理 [具体场景任务]?', which can match many unrelated intents beyond the skill’s stated purpose. Overbroad triggering increases the risk of unintended invocation, privilege overreach in multi-skill environments, and user confusion about what the skill is actually authorized to do.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal