ClawHub

Apollo Renal

Security checks across malware telemetry and agentic risk

Overview

This is a coherent context-cleanup skill, but it can trigger broadly and directs the agent toward lossy context pruning without a clear always-confirm or restore process.

Review before installing. Use it only if you intentionally want an agent to monitor and possibly prune conversation context; prefer report-only use or require explicit confirmation before any filtering, and keep backups of important memory/task state until trigger scope and recovery behavior are clearer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes very broad everyday terms such as '整理', '过滤', 'token', and '清理', which can cause the skill to activate in unrelated conversations. Because this skill is designed to filter and potentially remove context, accidental activation can lead to unintended context compression or loss of important conversational state.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The auto-trigger conditions are vague, such as '对话效率明显下降时', and one condition depends on token usage exceeding 50% without defining a reliable measurement source or enforcement boundary. Ambiguous activation logic increases the chance of inconsistent or premature execution of a skill that modifies context state.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly allows deletion of repeated confirmations, exploratory process, outdated temporary information, and repeated expressions, but does not require a clear warning or consent flow before changing conversation state. In a context-management skill, silent deletion is especially risky because users may lose recoverable reasoning history, task context, or information later needed for auditability or correction.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal