ClawHub

王小波风格写作助手

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese writing-style skill with no executable code, network access, credential use, persistence, or hidden system behavior.

Install this if you specifically want Chinese prose transformed or analyzed through this named style framework. Be aware it may be selected for adjacent writing tasks because its triggers are broad, so review whether the style is actually desired and ensure generated text remains original rather than copying source examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes broad generic phrases such as popular-science writing, logical deduction writing, and humorous prose, which can cause the skill to activate for ordinary writing tasks that do not explicitly request Wang Xiaobo-style imitation. Over-broad activation increases the chance of unintended instruction injection into unrelated user requests, reducing user intent fidelity and making the assistant apply copyrighted-style mimicry or strong stylistic constraints when not clearly requested.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The activation guidance authorizes use for broad categories like transforming academic text, writing popular science, and analyzing text characteristics, even without a clear explicit request for this specific style. In an agent system, this can lead to over-selection of the skill and unintended takeover of normal writing tasks, causing policy, quality, or user-intent violations through unsolicited persona/style application.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal