Adaptive Socratic Questioning

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only education skill for Socratic questioning, with broad trigger wording but no hidden execution, data access, or privileged behavior.

Install this if you want an assistant to guide learning through Socratic follow-up questions. Be aware it may ask questions in some broad academic or problem-solving contexts where you might prefer a direct answer; avoid invoking it for urgent, safety-sensitive, counseling, debugging, or straightforward factual tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The README explicitly states the description is made intentionally "pushy" to improve triggering and adds broad phrases like "always use this skill" for common educational contexts. This can cause the skill to be invoked outside its intended scope, biasing agent behavior and potentially suppressing better-matched skills or base-model reasoning.

Vague Triggers

Medium
Confidence: 92%
Finding
The recommended trigger phrases overlap with very common educational requests such as questioning, deeper understanding, and critical thinking. In a skill-routing system, this kind of broad overlap can lead to persistent over-triggering, unnecessary skill invocation, and degraded reliability because many unrelated tutoring or teaching requests may be captured by this skill.

Vague Triggers

Medium
Confidence: 87%
Finding
The auto-load trigger is broad enough to activate on many generic academic or research-help requests, which can cause the agent to apply a Socratic-questioning style when the user actually wants direct answers or another specialized skill. This is primarily a scope-control and behavior-routing issue rather than code execution, but it can degrade reliability, cause misalignment with user intent, and in edge cases interfere with higher-priority instructional or safety behaviors.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list contains broad academic phrases such as research questions, paper writing, data analysis, and problem solving, which are common across many unrelated educational interactions. This can cause the skill to activate in contexts where Socratic probing is not appropriate, leading to unintended behavior, user friction, and possible interference with more suitable skills.

Vague Triggers

Medium
Confidence: 88%
Finding
The manifest does not define activation boundaries, exclusions, or negative examples, so the platform has little guidance on when not to invoke this skill. In combination with the broad trigger set, this increases the chance of over-activation and makes the skill easier to invoke accidentally during general education or research-support conversations.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrase "问题解决" (Chinese for "problem solving") is overly broad, which can cause the skill to activate in ordinary non-academic contexts where Socratic questioning is not appropriate. In an agent ecosystem, overbroad activation can misroute user requests, degrade behavior, and create prompt-scope confusion that may interfere with safer or more suitable skills.

Vague Triggers

Medium
Confidence: 91%
Finding
A trigger set without scope constraints or negative examples increases the chance of unintended invocation outside the intended academic setting. While this is not a classic software exploit, it is a genuine agent-safety weakness because attackers or ambiguous prompts could steer the system into using the wrong skill, producing inappropriate guidance or bypassing better-scoped behavior.

VirusTotal

64/64 vendors flagged this skill as clean.