ClawHub

币安 AI 交易员驾照局

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a prompt-only assistant behavior skill with no artifact-backed evidence of code execution, credential use, data exfiltration, persistence, or destructive actions.

Install if you want this specific assessment workflow and Chinese-formatted output. Be aware it may activate implicitly and may answer in Chinese unless the host or user overrides it, so review generated compliance or licensing-style judgments before relying on or publishing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The default prompt is highly prescriptive and broad: it automatically instructs the agent to invoke this skill and produce a full licensing-style assessment whenever the skill is used, without clear user-consent boundaries or narrowing conditions. Because implicit invocation is also enabled, this increases the chance the skill is triggered in contexts the user did not explicitly request, causing unwanted behavior, overreach, or misleading compliance-style judgments.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The default prompt mandates a Chinese-language output format, including a Binance Square-ready Chinese record, without checking the user's language preference. This can override user expectations, reduce usability, and create confusion or miscommunication in multilingual contexts, especially when the model is expected to follow the user's chosen language.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal