Second Hand House

Security checks across malware telemetry and agentic risk

Overview

This skill does not appear to run code or request permissions, but its housing label does not match the store/local-business instructions inside it.

Review carefully before installing. The security risk is low because this is an instruction-only skill with no code or requested access, but its content is not aligned with its real-estate description. Do not rely on it for housing searches, VR tour arrangements, transaction steps, legal decisions, or financial commitments unless the publisher corrects the scope and you independently verify the information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill manifest claims to provide second-hand housing search, VR viewing, and transaction guidance, but the body describes local business discovery features like queue status, parking, store notes, and promotional information. This scope mismatch can misroute user requests, cause an agent to invoke the wrong capability, and create unsafe or deceptive behavior because the documented behavior does not match the declared purpose.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The examples and notes encourage uses such as 'latest玩法/优惠信息' and '到店体验', which are inconsistent with a housing skill and reinforce the manifest/content mismatch. In an agent setting, this can broaden invocation beyond intended scope, confuse routing, and lead users to receive irrelevant or misleading guidance under a real-estate label.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are highly generic placeholders that do not clearly constrain what the skill should handle. Broad invocation patterns increase the chance of accidental or inappropriate activation, especially when the rest of the document already shows domain confusion, making misrouting more likely.

VirusTotal

63/63 vendors flagged this skill as clean.
