maozedong-methodology-expert

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language analysis skill with rigid routing and formatting, but its artifacts do not show credential access, hidden persistence, exfiltration, destructive behavior, or unsafe automatic actions.

Install only if you want this specific Chinese-language Mao methodology workflow. Expect it to ask structured clarification questions, use fixed Chinese sections, and potentially create an HTML report if you choose that output mode; avoid using it for ordinary quick advice or sensitive reports unless you are comfortable with the generated file contents and location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger criteria are broad enough to capture many generic requests for structured analysis, not just explicit requests to use this specific methodology. Over-broad activation can cause unintended routing, leading the agent to apply an ideologically framed analytical lens where the user did not ask for it, which can distort advice and override safer or more appropriate skills.

Natural-Language Policy Violations

Medium
Confidence: 83%
Finding
Forcing Chinese-language interaction without user choice can create consent, comprehension, and safety problems, especially if users operate in another language. Misunderstandings during mandatory clarification may lead to incorrect interpretation of goals, constraints, or risk-sensitive context, reducing reliability and potentially causing harmful advice.

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest sets allow_implicit_invocation: true without any narrow activation constraints, so the skill can be auto-selected in situations broader than the user likely intended. Because this skill imposes a rigid interaction style and methodology by default, overbroad invocation can hijack normal conversations, steer outputs away from user intent, and make prompt-routing behavior less predictable.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The default prompt mandates Chinese output structure and even an exact sentence, regardless of the user's language or preferences. This creates prompt-level coercion that can override user intent, degrade usability, and act as instruction hijacking by forcing formatting and wording not requested by the user; the risk is higher because the exact-string requirement encourages the agent to prioritize prompt compliance over natural, user-directed behavior.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The file is entirely in Chinese and does not provide a language choice, fallback, or documented locale restriction. This can cause users, reviewers, or downstream agents who do not read Chinese to misunderstand mandatory clarification rules, creating inconsistent behavior and reducing the ability to detect unsafe or policy-violating instructions embedded in the skill.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The document strongly standardizes interaction in Chinese and does not provide a mechanism to preserve or ask for the user's preferred language. This can cause unsafe misunderstandings, exclude users, and lead the agent to ignore user intent or accessibility needs, especially when discussing complex real-world decisions that depend on precise clarification.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The file is entirely written in Chinese and operational guidance assumes Chinese-language interaction, while the metadata says clarifications default to a fixed option format and outputs are confirmed as text or HTML, not language. This can exclude or mislead users who are not Chinese speakers, causing consent, comprehension, and usability issues; in safety-sensitive or governance advice contexts, misunderstanding the guidance can degrade decision quality.

VirusTotal

67/67 vendors flagged this skill as clean.
