Using Ancient Wisdom to Elevate Your Perspective and Break Through Impasses

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese wisdom skill, but it asks for sensitive personal details, includes persistent self-updating instructions, and provides high-risk tactical workplace or business guidance without enough safeguards.

Review carefully before installing. Use it only if you are comfortable with a Chinese-language cultural strategy assistant that may ask for personal profiling details and suggest competitive tactics. Avoid sharing birth time, location, private reflections, confidential workplace details, or business-sensitive context unless you intentionally want that analysis, and do not allow case-log or knowledge-base updates without explicit approval and a visible diff.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document says the protocol is for `apply-china-classics`, while the manifest identifies the skill as `apply-china-wisdom`. This mismatch can cause the wrong knowledge file to be associated with a different skill, undermining trust boundaries and enabling accidental or intentional cross-skill prompt/behavior confusion.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The closing text again references `apply-china-classics` instead of the declared skill name. Repeated identifier drift increases the likelihood of maintenance errors, misdeployment, or a reviewer missing that content may have been reused from another skill with different assumptions and safeguards.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The file directs the AI to perform persistent self-modification by writing to multiple knowledge-base files based on user feedback. This expands the skill from a read-only advisory role into an agent that can mutate its own knowledge and behavior, which can enable prompt injection persistence, unauthorized repository changes, and drift away from the declared skill scope.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
This content goes beyond cultural interpretation and concretely translates classical stratagems into modern tactics centered on deception, leverage, dependency creation, and adversarial maneuvering in workplaces and business competition. In the context of an agent skill, that operational framing can enable manipulative or unethical conduct by giving users actionable playbooks rather than neutral historical analysis.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The call protocol explicitly instructs the system to select a stratagem, adapt it to a user's relationships and resources, and execute scenario-specific application steps. That transforms the file into an operational decision framework for competitive manipulation, increasing the likelihood of personalized harmful advice in real workplace or commercial settings.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The disclaimer is only provided in Chinese, which can prevent non-Chinese-speaking users from understanding important safety, liability, and misuse limitations. In a skill that offers strategic guidance and action plans, lack of accessible disclaimer language increases the risk of uninformed use and weakens informed consent around potentially consequential advice.

Missing User Warnings

Medium
Confidence: 95%
Finding
The markdown instructs the AI to write and update repository knowledge files when users provide feedback, but it does not require warning the user that persistent repository content will be modified. This creates a risk of silent state changes, accidental data persistence, and attacker-controlled content being written into files for future sessions.

Ssd 4

Medium
Confidence: 93%
Finding
The document narratively normalizes deceptive and coercive stratagems as modern executable tactics and then provides a stepwise protocol for applying them. In skill context, this makes the system more dangerous because it is designed to convert abstract wisdom into concrete behavioral guidance, lowering the barrier to manipulative workplace or business conduct.

VirusTotal

VirusTotal findings are pending for this skill version.