Thinking - Deep Thinking and Planning

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only planning skill that is coherent with its stated purpose, though users should invoke it deliberately because it can consult memory/history and its natural-language triggers are broad.

Install if you want a planning layer that can use agent memory, session history, and installed-skill context. Prefer invoking it with /thinking, review any plan before allowing external actions, and treat cancellation carefully until the example is corrected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The cancellation example contradicts the documented state machine by showing a full thinking/execution output after the user says cancellation text. This can mislead implementers into building behavior that continues processing after cancellation, causing unintended actions, privacy leaks from memory/history retrieval, or accidental use of external tools despite user revocation.

Vague Triggers

Medium
Confidence: 92%
Finding
The direct trigger phrase "先思考一下这个问题" is very generic everyday language, so normal user requests may unintentionally activate the skill. That can cause unexpected behavior changes, hidden prompting, or workflow interception in unrelated conversations, especially because this is a meta-skill that affects how the agent plans and acts before execution.

Vague Triggers

Medium
Confidence: 92%
Finding
The direct trigger phrases are broad natural-language expressions that can appear in ordinary conversation, so the skill may activate unexpectedly without clear user intent. In this skill, accidental activation is more dangerous because the workflow includes listing skills, searching memory/history, planning actions, and potentially executing external operations after analysis.

Vague Triggers

Medium
Confidence: 96%
Finding
The trigger list includes common conversational phrases like "think about this", "分析一下", and "规划一下" that are likely to appear in normal user requests. This can cause unintended activation of the skill, leading the agent to alter behavior or invoke planning logic when the user did not explicitly intend to call the skill.

VirusTotal

64/64 vendors flagged this skill as clean.
