ClawHub
Back to skill

Security audit

HiLegal Boundaryless · Strategic · Results

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only cross-border compliance reference skill with broad legal-adjacent scope, but no hidden code, persistence, credential access, or destructive behavior was found.

Install this only if you want a broad Chinese/English compliance research helper. Verify current law, sanctions, credit, and pricing data with primary sources or qualified counsel before acting, and avoid sharing confidential company information unless you know what external lookup provider or platform protections are being used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is broad enough to activate on ordinary compliance-related conversation rather than a clear request to use this specific skill. In an agent setting, this can cause over-invocation, routing users into legal/compliance workflows unexpectedly, increasing the chance of irrelevant data access, unnecessary external lookups, or authoritative-sounding legal guidance being produced without strong intent confirmation.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description defines the skill scope as essentially any international business compliance question, which creates unclear activation boundaries. For a legal/compliance skill, this ambiguity is more dangerous because users may receive quasi-legal analysis or trigger external retrieval on sensitive business matters when a general informational response or explicit handoff to qualified counsel would be safer.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal