深度调研 (Deep Research)

Security checks across malware telemetry and agentic risk

Overview

This research skill is useful and mostly coherent, but it under-discloses its online behavior and requires automatic report saving and Feishu delivery without a final user approval step.

Install only if you are comfortable with an online research workflow that can save reports locally and send them through Feishu. For confidential, regulated, or internal topics, require a manual confirmation step for the destination, file path, and contents before any PDF or Markdown report is sent.
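One way to implement the manual confirmation step recommended above, as an added example that is not part of the scanned skill or of SkillSpector: the gate binds a user's approval to one destination, one file path and one content digest, refuses anything outside a recipient allowlist or the reports directory, and only then calls a sender. The Feishu sender is a hypothetical callable supplied by the caller, and the recipient ID and sample report are constructed for the demo.

```python
"""Consent gate for outbound report delivery (added example, not the skill's code).

The send callable stands in for a hypothetical Feishu client; the recipient
ID and the sample report are constructed for the demo.
"""
import hashlib
import os
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed allowlist of Feishu recipients (assumption: IDs of this shape).
ALLOWED_DESTINATIONS = frozenset({"oc_research_team"})

# Markers that require an explicit sensitivity acknowledgement before sending.
SENSITIVE = re.compile(r"\b(confidential|internal only|do not distribute|api[ _-]?key)\b", re.I)


@dataclass(frozen=True)
class Approval:
    """What the user confirmed: one destination, one path, one content digest."""
    destination: str
    report_path: str
    content_sha256: str
    acknowledged_sensitive: bool = False


def sha256(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def abs_under(path: str, root: str) -> str:
    """Absolute form of path, interpreting a relative path as inside root."""
    return os.path.abspath(os.path.join(os.path.abspath(root), path))


def path_confined(path: str, root: str) -> bool:
    """True if the lexical path stays inside root (symlinks are not resolved here)."""
    root_abs = os.path.abspath(root)
    return os.path.commonpath([root_abs, abs_under(path, root)]) == root_abs


def delivery_blockers(report_path: str, destination: str, content: bytes,
                      approval: Optional[Approval], reports_dir: str) -> list[str]:
    """Every reason the send must be refused; an empty list means it may go."""
    reasons = []
    if not path_confined(report_path, reports_dir):
        reasons.append("report path escapes the reports directory")
    if destination not in ALLOWED_DESTINATIONS:
        reasons.append("destination is not allowlisted")
    if approval is None:
        reasons.append("no explicit user approval for this delivery")
    else:
        if approval.destination != destination:
            reasons.append("approval was for a different destination")
        if abs_under(approval.report_path, reports_dir) != abs_under(report_path, reports_dir):
            reasons.append("approval was for a different file")
        if approval.content_sha256 != sha256(content):
            reasons.append("report content changed after approval")
    if SENSITIVE.search(content.decode("utf-8", "replace")) and not (
        approval is not None and approval.acknowledged_sensitive
    ):
        reasons.append("content carries sensitivity markers without acknowledgement")
    return reasons


def deliver(report_path: str, destination: str, content: bytes,
            approval: Optional[Approval], reports_dir: str,
            send: Callable[[str, bytes], None]) -> list[str]:
    """Send only when nothing blocks; return the blockers (empty on success)."""
    blockers = delivery_blockers(report_path, destination, content, approval, reports_dir)
    if not blockers:
        send(destination, content)
    return blockers


if __name__ == "__main__":
    sent = []
    report = b"# Market landscape\nCONFIDENTIAL: internal only draft\n"
    # The scanned skill's default: send without asking. Refused.
    print(deliver("market.pdf", "oc_research_team", report, None, "/srv/reports",
                  lambda dest, body: sent.append(dest)))
    # The user confirmed destination, path and digest and acknowledged the marker. Sent.
    ok = Approval("oc_research_team", "market.pdf", sha256(report), acknowledged_sensitive=True)
    print(deliver("market.pdf", "oc_research_team", report, ok, "/srv/reports",
                  lambda dest, body: sent.append(dest)), sent)
```

The digest binding is the important part: an approval granted for one rendering of the report does not carry over if the agent regenerates or edits the file afterwards, which is exactly the window in which an "auto-execute" workflow would otherwise send unreviewed content.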

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Description-Behavior Mismatch

Severity: Medium | Confidence: 95%
The README makes materially misleading claims that the skill has 'no external dependencies' and 'works offline,' while the documented workflow depends on network-based web_search/web_fetch operations. This can cause users or downstream agents to make unsafe trust decisions about connectivity, data exposure, and deployment environment assumptions.

Intent-Code Divergence

Severity: Medium | Confidence: 96%
The comparison table reinforces the false impression of offline operation even though later phases require live web research. In a research skill, this inconsistency is especially risky because users may process sensitive topics under the mistaken belief that no online access or external retrieval occurs.

Description-Behavior Mismatch

Severity: Medium | Confidence: 81%
The skill expands from research guidance into shell-based file creation and outbound message delivery, crossing trust boundaries from analysis into side-effecting local and external actions. That broadening is dangerous because it can cause unreviewed file writes and data transmission outside the user's immediate expectation of a research skill.

Intent-Code Divergence

Severity: Medium | Confidence: 92%
The document claims the skill should stay within user-requested boundaries while also requiring automatic PDF sending without prompting or permission. This contradiction is dangerous because it normalizes bypassing user consent and can exfiltrate potentially sensitive research content to an external channel even when the user only asked for analysis.

Vague Triggers

Severity: Medium | Confidence: 82%
The invocation guidance allows very broad triggers such as 'deep research on...' or 'exhaustive analysis of...', which can overlap with ordinary user requests and cause accidental activation of the skill. That can lead to unintended long-running searches, unnecessary network activity, and unexpected collection or transmission of user-provided topics to external web-retrieval tooling.

Missing User Warnings

Severity: High | Confidence: 97%
The skill explicitly mandates automatic file saving, PDF generation, and message delivery with 'No User Permission Needed.' This is dangerous because it authorizes persistent local writes and external transmission of possibly sensitive report contents without consent, review, or data-handling safeguards.

Missing User Warnings

Severity: High | Confidence: 97%
The later automation block reinforces mandatory off-platform delivery and treats research as incomplete until transmission occurs. This is dangerous because it pressures the agent to move user data to an external messaging system by default, increasing privacy, confidentiality, and accidental disclosure risk.

Vague Triggers

Severity: Medium | Confidence: 96%
The invocation guidance is overly broad because phrases like "deep research" and especially "exhaustive analysis" can plausibly appear in normal user conversation, causing the skill to trigger unintentionally. In an autonomous research skill that performs multi-step web activity, accidental activation can lead to unintended tool use, unnecessary external queries, and execution of a heavyweight workflow without clear user intent.

Ssd 3

Severity: Medium | Confidence: 95%
The instructions normalize automatic delivery of generated reports to an external messaging channel without additional consent. In a research context, reports may contain proprietary, personal, regulated, or strategically sensitive information, so automatic outbound transfer materially raises data exfiltration risk.

Ssd 3

Severity: Medium | Confidence: 95%
The post-report workflow again requires sending the report file via Feishu without prompting, embedding automatic external transmission as part of normal completion criteria. This makes the skill more dangerous because the surrounding context involves deep research, which often aggregates sensitive source material and user objectives into a single exportable artifact.

Autonomous Decision Making

Severity: Medium | Category: Excessive Agency
Content:
**⚠️ This skill requires AUTOMATIC PDF delivery. Do NOT stop after completing research.**

After completing the final report (Phase 4), you MUST automatically execute:

### ✅ Delivery Checklist (No User Permission Needed)
Confidence: 90%
Finding: automatically execute

Autonomous Decision Making

Severity: Medium | Category: Excessive Agency
Content:
---

## Phase 3: Research Cycles (Auto-Execute)

### Theme 1: Market Landscape — Cycle 1
Confidence: 80%
Finding: Auto-Execute

VirusTotal

VirusTotal findings are pending for this skill version.
