ClawHub

Thesis Review Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent thesis-review helper that reads user-provided thesis PDFs and generates review documents, with privacy considerations users should manage.

Install only if you are comfortable letting the agent process thesis PDFs and create review documents that may include personal and unpublished academic information. For blind review or confidential theses, remove identifying details first and avoid saving or sharing generated documents outside the approved review process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are very broad academic terms such as '论文评审' and '评审意见', which can cause the skill to activate in ordinary educational or research conversations that are not intended to invoke thesis processing. Over-broad activation increases the chance of unintended handling of sensitive thesis content or generation of authoritative-sounding evaluations in the wrong context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly extracts author names, school, project history, academic成果 and other thesis metadata from PDFs, but provides no privacy warning, minimization guidance, or handling restrictions for potentially sensitive academic and personal data. In academic settings, unpublished theses and blind-review materials may be confidential, so silent processing and document generation can lead to privacy leakage, policy violations, or deanonymization.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal