ClawHub

DDD领域驱动设计技能

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only DDD guidance skill set with no hidden execution behavior; its main caveat is broad, opinionated routing into DDD advice.

Install this if you want opinionated DDD guidance. Be aware it may steer broad architecture or refactoring conversations toward DDD patterns, and review any generated code or dependency examples for your actual language, framework, and system constraints before applying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is broad enough to trigger on generic software architecture, refactoring, and code review requests, which can cause unintended activation outside a narrowly defined DDD context. Over-broad routing can misapply the skill, bias user workflows, and steer users into unrelated sub-skills, increasing the chance of incorrect or overly opinionated guidance.

Natural-Language Policy Violations

Low
Confidence
84% confidence
Finding
The skill states that all code examples are based on Java/Kotlin + Spring/JPA, which can unduly constrain output even when the user's stack differs. While not a direct security exploit, this creates a safety and quality risk by encouraging technology-specific guidance without confirming suitability, potentially leading to insecure or incompatible implementation advice in other ecosystems.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill description uses broad trigger phrases such as legacy system upgrade, DDD refactoring, and old project transformation, which can overlap with general software-development discussions. This can cause the skill to activate when the user did not intend to enter a structured DDD refactoring workflow, leading to incorrect routing or overly prescriptive guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal