ClawHub

Academic Search Zh

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese academic literature-search helper with no executable code, hidden install behavior, credential use, persistence, or destructive capability shown.

Safe to install based on the provided artifacts. Use it for academic literature search and review support, and only provide PDFs or documents you are comfortable having your agent process; verify generated summaries, citations, and research claims against the original sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The skill description contains broad, generic trigger phrases such as how to find papers, how to write a literature review, and project pre-research, which can overlap with many ordinary user requests and cause unintended auto-invocation. This increases the chance that the skill activates outside its intended scope, potentially exposing user content to unnecessary tool use or steering conversations inappropriately.

Natural-Language Policy Violations

Medium
Confidence
74% confidence
Finding
The skill is written entirely in Chinese and does not indicate any user language fallback or choice, which may cause it to respond in an unexpected language when invoked for multilingual or non-Chinese users. This is primarily a safety and usability boundary issue: forced language behavior can confuse users, increase misinterpretation of research guidance, and make unintended activation harder to detect or correct.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal