ClawHub

文言文复活计划

Security checks across malware telemetry and agentic risk

Overview

This is a classical Chinese study skill that uses roleplay, memorization drills, and citation practice, with no executable code or hidden security-sensitive behavior found.

This skill appears safe to install for classical Chinese learning. Be aware that it may activate broadly for poetry or ancient-text questions and may suggest study records or reminders, so users who prefer plain translation or no study tracking should steer the agent explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill mandates activation for a very broad set of common poetry and classical-Chinese requests using language like '必须激活' and '凡是涉及...务必调用'. This can cause inappropriate routing, override user intent, and interfere with safer or more relevant skills, especially when a request only partially overlaps with classical literature or needs a different pedagogy.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The module trigger list includes vague conditions such as receiving a poem title/original text or requests like '用第一人称讲解', which can match many normal educational interactions without sufficient disambiguation. Ambiguous triggers increase the chance of false activation, causing the agent to enter roleplay or specialized flows when the user may only want translation, factual analysis, or another skill entirely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal