ClawHub

unsuck-your-thinking

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language coaching prompt for clarifying confusing decisions, with no code, data access, persistence, or privileged behavior.

Install this if you want a direct Chinese-language thinking coach for unclear decisions. Be aware it may trigger on broad phrases like 'help me think' and may give firm advice; for high-stakes medical, legal, financial, employment, or safety decisions, ask for assumptions, alternatives, uncertainty, and qualified professional input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill description mandates activation for very broad, common expressions of uncertainty such as '帮我想想' and even when the user says only a few words or is logically unclear. This creates excessive trigger overlap with normal conversation, increasing the chance the agent invokes this skill when it should use a different skill or remain in general dialogue, which can misroute user requests and override more appropriate safeguards or workflows.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill metadata and content are written to enforce Chinese-language behavior without indicating that the skill is intentionally locale-specific or offering language negotiation. If the orchestrator uses this skill for users speaking other languages, it can cause misunderstanding, incorrect prompting, or exclusion of users, especially because the trigger is mandatory and broad.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal