ClawHub

dadong-en

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only AI-safety content strategy skill, with broad public-messaging guidance but no code, credentials, persistence, or hidden execution behavior.

Install this as a content-generation and strategy prompt, not as an operational publishing agent. Review generated content for accuracy, bias, and tone before posting, and re-review the setup if you later grant social-media credentials, scraping tools, image-generation APIs, or posting permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill declares very broad applicability such as mass education, academic endorsement, and global standards work without any concrete activation boundaries, user intent checks, or domain restrictions. In an agent system, this can cause the skill to be invoked in contexts far beyond its safe scope, enabling persuasive ideological or strategic content to bleed into unrelated tasks and increasing the chance of unintended influence or misuse.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The template library provides ready-to-use distribution content for X/Quora and whitepaper-style messaging, but it does not specify who may trigger these outputs, under what circumstances, or what safeguards must apply. This creates a reusable prompt payload for broad public persuasion or automated content generation, making unintended invocation more dangerous because the skill contains operationalized dissemination material rather than just descriptive guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal