Prompting Modes - Advanced Reasoning Modes Toolbox

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-guidance skill for reasoning modes, with broad activation phrases but no hidden code, install behavior, persistence, or credential handling.

Install only if you want ordinary requests like search, planning, or step-by-step reasoning to route into these structured modes. Keep normal confirmations for sensitive tool use, especially browser login, file access, code execution, or database queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (87% confidence)
Finding
Several triggers such as '一步一步思考', '使用工具解决', and '生成详细计划' are broad natural-language phrases likely to appear in ordinary user requests. That can cause unintended skill activation, unexpectedly shifting the assistant into richer reasoning or tool-usage workflows and increasing the chance of unnecessary data access or actions.

Missing User Warnings

Medium (91% confidence)
Finding
The skill explicitly describes using search, code execution, file-system, and database tools, but it does not state any safety boundaries, consent requirements, or restrictions on sensitive operations. In practice this can normalize tool invocation without user awareness, increasing privacy, integrity, and unintended side-effect risks when the skill is auto-selected.

Vague Triggers

Medium (93% confidence)
Finding
The explicit trigger list contains broad, everyday terms such as '搜索', '查询', '计划', and '步骤' that are likely to appear in normal user requests, which can cause accidental activation of the skill or unintended selection of a more powerful reasoning/tool-use mode. In this skill’s context, that matters because activation can change agent behavior toward tool invocation, multi-step planning, or expanded reasoning, increasing the chance of unnecessary external actions, prompt-surface expansion, and policy bypass via misrouting.

VirusTotal

63/63 vendors flagged this skill as clean.
