SkillGapDiagnosis (业绩缺口分析, "performance gap analysis")

Security checks across malware telemetry and agentic risk

Overview

The skill is, for the most part, the insurance performance diagnostic tool its manifest describes, but it repeatedly contradicts its own no-advice promise by generating sales and follow-up recommendations.

Install only if you are comfortable with the skill consuming broad insurance business performance data and with it sometimes producing recommendations despite declaring itself diagnosis-only. Treat it as a review-needed package until the publisher either removes the advice-generation behavior or discloses it clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The skill explicitly forbids action suggestions, yet its degradation path says it will provide generic advice when live data is unavailable. This policy contradiction can cause the agent to emit recommendation-style content outside the approved control boundary, bypassing the intended separation between the diagnosis skill and whatever skill is meant to own advice generation.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The manifest and responsibility text prohibit recommendations, yet the error-handling section reintroduces recommendation-like output. In agent systems, inconsistent instructions are dangerous because fallback paths receive less review than the main path and can become a quiet route for content the main path is forbidden to generate.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The prompt specification says the skill should produce only diagnostic output, but the content explicitly adds 'knowledge base retrieval suggestions,' which expands the skill into action-guidance behavior. In this business context the agent may provide prescriptive next steps that exceed its declared scope and policy boundaries, yielding misleading or non-compliant user-facing advice.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The examples directly instruct the model to say '建議優先處理' ("recommend prioritizing"), '建議盡快跟進' ("recommend following up promptly"), and similar prescriptive phrases, despite the skill metadata explicitly forbidding action suggestions. Few-shot examples shape model behavior more strongly than a prose rule does, so these contradictions are likely to override the intended boundary and systematically induce unauthorized recommendations in production output.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
Further examples prescribe specific actions such as proactive outreach, training arrangements, and pursuit of higher-tier goals, all of which conflict with the declared diagnostic-only intent. Because these examples span multiple scenarios, they reinforce a broad pattern of policy drift and make it highly likely that the skill will deliver recommendations whenever a user asks for a diagnosis.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The code emits `knowledgeRetrievalHints` such as competition hints and `達標攻略` ("target-achievement playbook"), which builds a pathway from diagnosis straight into follow-up guidance. That contradicts the skill contract, which states it should output only diagnostic conclusions and no recommendations, and a downstream orchestrator may consume these hints automatically to retrieve prescriptive content the user never requested.
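The pattern running through all six findings (a manifest that declares diagnosis-only scope, contradicted by fallback text, few-shot examples and a guidance-carrying output field) can be checked mechanically before a skill is admitted, and enforced again on the skill's output at runtime. The Python below is an added example written for this page; it is not code from SkillSpector, NVIDIA or the skill's publisher. The skill-package layout, the marker lists, the `Finding` type, every field name except `knowledgeRetrievalHints`, and the sample skill and output are constructed assumptions, not the reviewed skill's actual files.

```python
"""Consistency lint plus runtime guard for a diagnosis-only agent skill.

Hypothetical checker written for this page. It takes a skill package as a dict
(manifest text, fallback/error-handling text, few-shot examples, declared output
fields) and reports every place where recommendation-style content contradicts a
"no recommendations" declaration. The layout and field names are assumptions.
"""
import re
from dataclasses import dataclass

# Phrases that mark an action suggestion: Traditional and Simplified Chinese
# forms plus English. Extend for the languages the skill actually uses.
ADVICE_MARKERS = [
    r"建議", r"建议", r"應該", r"应该", r"盡快", r"尽快", r"優先處理", r"优先处理",
    r"\brecommend(?:ed|s)?\b", r"\badvice\b", r"\bshould\b",
    r"\bnext steps?\b", r"\bfollow[- ]up\b",
]
ADVICE_RE = re.compile("|".join(ADVICE_MARKERS), re.IGNORECASE)

# Manifest phrasing that declares a diagnosis-only contract (assumed wording).
NO_ADVICE_RE = re.compile(
    r"(?:\b(?:no|not|never|forbid\w*)\b|禁止|不得|不提供)\s*\S*\s*"
    r"(?:recommendation|advice|suggestion|建議|建议)",
    re.IGNORECASE,
)

# Output fields that hand a downstream orchestrator a path to prescriptive
# content. `knowledgeRetrievalHints` is the one named in the findings; the
# other two are hypothetical.
GUIDANCE_FIELDS = {"knowledgeRetrievalHints", "recommendations", "nextActions"}


@dataclass
class Finding:
    location: str   # part of the skill package where the contradiction sits
    severity: str   # "High" for few-shot examples, "Medium" elsewhere
    evidence: str   # matched phrase or field name


def declares_diagnosis_only(manifest: str) -> bool:
    return NO_ADVICE_RE.search(manifest) is not None


def lint_skill(skill: dict) -> list[Finding]:
    """Return findings where skill content contradicts a diagnosis-only manifest."""
    if not declares_diagnosis_only(skill.get("manifest", "")):
        return []  # no contract to contradict; out of scope for this check
    findings: list[Finding] = []
    # Fallback / error-handling text is the least-reviewed path: scan it explicitly.
    for m in ADVICE_RE.finditer(skill.get("fallback", "")):
        findings.append(Finding("fallback", "Medium", m.group(0)))
    # Few-shot examples shape behaviour most strongly, so they rate High.
    for i, example in enumerate(skill.get("examples", [])):
        for m in ADVICE_RE.finditer(example):
            findings.append(Finding(f"examples[{i}]", "High", m.group(0)))
    # Structured output fields that carry guidance out of the skill.
    for field in skill.get("output_fields", []):
        if field in GUIDANCE_FIELDS:
            findings.append(Finding("output_fields", "Medium", field))
    return findings


def enforce_diagnosis_only(output: dict) -> dict:
    """Runtime guard: drop guidance fields and advice sentences from skill output."""
    cleaned = {k: v for k, v in output.items() if k not in GUIDANCE_FIELDS}
    text = cleaned.get("diagnosis", "")
    # Zero-width split after Chinese or English sentence terminators, so each
    # piece keeps its own terminator and leading whitespace.
    sentences = re.split(r"(?<=[。.!?！？])", text)
    cleaned["diagnosis"] = "".join(s for s in sentences if s and not ADVICE_RE.search(s)).strip()
    return cleaned


# Constructed sample skill package for demonstration; not the reviewed skill's files.
SAMPLE_SKILL = {
    "manifest": "Scope: diagnosis only. This skill does not provide recommendations.",
    "fallback": "If live data is unavailable, provide generic advice: "
                "the agent should focus on high-value customers.",
    "examples": [
        "Diagnosis: Q3 premium income is 18% below target; new-policy count is the main gap.",
        "診斷：續保率低於目標。建議優先處理高價值客戶，建議盡快跟進。",
    ],
    "output_fields": ["diagnosis", "gapBreakdown", "knowledgeRetrievalHints"],
}

# Constructed sample of what a leaky skill run might return.
SAMPLE_OUTPUT = {
    "diagnosis": "Q3 premium income is 18% below target. You should prioritise "
                 "high-value clients. The gap is concentrated in new policies.",
    "knowledgeRetrievalHints": ["達標攻略", "competition hints"],
}

if __name__ == "__main__":
    for f in lint_skill(SAMPLE_SKILL):
        print(f"{f.severity:6} {f.location:16} {f.evidence}")
    print(enforce_diagnosis_only(SAMPLE_OUTPUT))
```

Running the lint on the constructed sample yields the same shape of result as the findings above: two Medium hits in the fallback text, four High hits in the second few-shot example, and one Medium hit for the `knowledgeRetrievalHints` output field. The runtime guard is a backstop, not a fix; the static lint is what belongs in the admission pipeline, and a skill that fails it should be sent back to its publisher rather than filtered in production.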

VirusTotal

VirusTotal findings are pending for this skill version.
