
Security audit

Product Dev Ops Package

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only workflow skill for organizing product, development, and operations documents, with no evidence of hidden execution or data exfiltration.

Install only if you want an agent-guided product/dev/ops workflow. Before using /开工 (start work), /研讨 (discuss), or /归档 (archive), confirm which workspace the agent is operating in and review the file changes it plans to make. Avoid storing interview recordings, photos, or personal details unless you have the participants' consent and an approved storage/retention policy.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Severity: Medium
Confidence: 96%

Finding
The skill uses broad natural-language trigger phrases such as "我想做一个…" ("I want to build a …") and "有个需求…" ("there's a requirement …"), which are likely to appear in ordinary conversation and can silently force a role switch without explicit user intent. In a multi-role skill this creates prompt-routing confusion and can change the assistant's behavior model unexpectedly, increasing the chance of unauthorized workflow transitions, misleading output, or bypass of the user's intended interaction mode.

Vague Triggers

Severity: Medium
Confidence: 87%

Finding
The activation phrases are broad natural-language prompts, such as asking how to design an API or how to choose a technical solution. In a multi-agent or routing environment this can cause the architect role to trigger unexpectedly during ordinary conversation, leading to unintended role switching, overreach into unrelated tasks, or disclosure of internal process guidance. The skill context makes this somewhat riskier because the role is empowered to influence architecture and API decisions across the workflow.

Vague Triggers

Severity: Medium
Confidence: 94%

Finding
The activation phrases are very broad, including common requests like "这段代码怎么写?" ("how do I write this code?") and, effectively, "all development-related discussion after Why is frozen" (that is, once the workflow's Why stage is locked). In a multi-skill environment this can cause unintended routing into this agent, letting it assume authority and act autonomously in contexts where the user did not explicitly invoke it.

Vague Triggers

Severity: Medium
Confidence: 90%

Finding
The activation phrases are generic natural-language questions such as "谁来管这个系统?" ("who owns this system?") and "成功的标准是什么?" ("what is the criterion for success?"), which are likely to appear in normal product or operations discussions. This can cause unintended role activation, leading the agent to switch behavior or inject operational guidance outside the user's intent, especially in multi-agent or routing-based systems.

Vague Triggers

Severity: Medium
Confidence: 92%

Finding
The activation phrases are broad natural-language triggers like "我想做一个…" ("I want to build a …") and "有个需求…" ("there's a requirement …"), which are likely to match ordinary conversation and unintentionally switch the agent into this role. In a multi-skill environment that can cause misrouting, unexpected behavior, or premature execution of the product-manager workflow without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 82%

Finding
The skill instructs the agent to output or write artifacts to specific files and directories such as WHY.md and 00-work/interview/workshop/ without an explicit disclosure or consent boundary. If the hosting agent has filesystem or workspace write capabilities, this can lead to unexpected persistence of user content, accidental overwrites, or creation of project artifacts the user did not knowingly authorize.

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding
The command explicitly instructs the agent to move project documents into an archive directory and append entries to CHANGELOG, but it does not clearly warn the user that it will modify repository files. In an agent context, hidden or insufficiently disclosed write operations can cause unintended changes, data relocation, or workflow disruption if the user expects a read-only summarization step.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The command explicitly states that it will automatically create directories in the current workspace, but it does not require confirmation, define scope limits, or warn users about filesystem side effects. In an agent environment, silent workspace modification can lead to unintended file creation, repository pollution, or writes in a sensitive working directory if the user misunderstands the command context.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The template explicitly lists interview recordings, video, photos, and related documents as attachments but provides no guidance on obtaining informed consent, minimizing sensitive data collection, or handling storage and access controls. In a customer interview workflow this can lead to unauthorized collection or retention of personal data, creating privacy, legal, and compliance exposure.
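The two finding classes above (Vague Triggers and Missing User Warnings) can be checked mechanically before installing a skill. The script below is an added example, not SkillSpector's tooling or the skill author's code. It assumes the skill's trigger phrases and command text can be extracted as plain strings; the trigger table reuses the phrases quoted in the findings (trailing punctuation dropped), and the chat lines, the archive command text and the "safe" variant are constructed for illustration.

```python
"""
Pre-install checks for overly broad triggers and undisclosed filesystem writes.
Added example with constructed inputs; the skill's real trigger and command
format is an assumption, not something this page documents.
"""
from __future__ import annotations

import re

# Constructed trigger table: phrases quoted in the findings, plus an "explicit"
# control role whose trigger is a slash command rather than free text.
TRIGGERS: dict[str, list[str]] = {
    "product-manager": ["我想做一个", "有个需求"],
    "developer": ["这段代码怎么写"],
    "operations": ["谁来管这个系统", "成功的标准是什么"],
    "explicit": ["/开工"],
}

# Constructed lines of ordinary chat in which the user does NOT want the skill.
BENIGN_CHAT = [
    "我想做一个蛋糕，需要多少面粉？",        # I want to make a cake, how much flour?
    "有个需求：帮我把这封邮件翻译成英文。",  # One request: translate this email into English.
    "这段代码怎么写才能更快？",              # How should this code be written to run faster?
    "谁来管这个系统的账单？",                # Who handles the bills for this system?
    "成功的标准是什么，对这场比赛来说？",    # What counts as success for this match?
    "今天天气不错。",                        # Nice weather today.
]

# Constructed command text modelled on the archive finding, and a disclosed variant.
ARCHIVE_CMD = (
    "Move all documents under 00-work/ into archive/ and append a dated entry "
    "to CHANGELOG.md. Then summarize the project status."
)
SAFE_CMD = (
    "List the files you would move into archive/ and the CHANGELOG.md entry you "
    "would append, then ask the user to confirm before making any change."
)

WRITE_VERBS = re.compile(r"\b(write|create|move|append|overwrite|delete|rename|save)\b", re.I)
CONSENT_CUES = re.compile(
    r"\b(confirm\w*|approv\w*|consent|ask(?:s|ed)?\s+(?:the\s+)?user|dry[- ]run)\b", re.I
)
# Relative directory paths ending in "/" and top-level *.md artifacts (WHY.md, CHANGELOG.md).
PATHS = re.compile(r"(?<![\w/])(?:[\w-]+/)+[\w.-]*|\b[A-Z][\w-]*\.md\b")


def benign_hits(triggers: dict[str, list[str]], chat: list[str]) -> dict[str, list[str]]:
    """Map "role:phrase" to the benign lines that would activate it.

    Substring matching mirrors how a keyword trigger behaves; a phrase that fires
    on any line the user did not mean as an invocation is overly broad.
    """
    hits: dict[str, list[str]] = {}
    for role, phrases in triggers.items():
        for phrase in phrases:
            matched = [line for line in chat if phrase in line]
            if matched:
                hits[f"{role}:{phrase}"] = matched
    return hits


def undisclosed_writes(instruction: str) -> list[str]:
    """Return the sentences that command a filesystem write when the instruction
    carries no confirmation or consent cue anywhere in its text."""
    if CONSENT_CUES.search(instruction):
        return []
    sentences = [s.strip() for s in re.split(r"(?<=[.!?])\s+", instruction) if s.strip()]
    return [s for s in sentences if WRITE_VERBS.search(s)]


def write_targets(instruction: str) -> list[str]:
    """Paths and artifact files the instruction names, for the user to review first."""
    return PATHS.findall(instruction)


if __name__ == "__main__":
    for key, lines in benign_hits(TRIGGERS, BENIGN_CHAT).items():
        print(f"BROAD TRIGGER {key}: fires on {len(lines)} benign line(s), e.g. {lines[0]!r}")
    for name, cmd in (("archive", ARCHIVE_CMD), ("safe", SAFE_CMD)):
        silent = undisclosed_writes(cmd)
        print(f"{name}: {len(silent)} undisclosed write sentence(s); targets {write_targets(cmd)}")
```

Every free-text trigger in the constructed table fires on at least one benign line, while the slash-command control never does; that is the concrete form of the "vague triggers" finding, and the same comparison is what to run against any skill's real trigger list. The archive command yields one write sentence with no consent cue and three target paths, whereas the variant that lists targets and asks for confirmation yields none, which is the disclosure boundary the "missing user warnings" findings ask for.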

VirusTotal

0/55 vendors flagged this skill; all 55 returned no detection. Antivirus engines scan for malware signatures only, so this result says nothing about the trigger-breadth and undisclosed-write findings above, which apply to instruction-only skills that contain no executable code.