答案之书.skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent offline quote-answer skill. It stores the latest user question and answer locally, which users should understand before installing.

Install if you want an offline answer-book style skill. Avoid entering highly sensitive personal questions unless you are comfortable with your latest question and answer being saved in a local SQLite file, and consider deleting or relocating the database if you need tighter control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium (96% confidence)
Finding
The skill tells users that history/borrowing records are disabled, but the code still stores per-user state including the last question, last answer, selected book, and timestamp via load_user_state/save_user_state. This is a privacy and transparency issue because users may reasonably rely on the message to assume no conversational data is retained, while the application continues to persist identifiable interaction context.

Missing User Warnings

Medium (90% confidence)
Finding
The README explicitly documents persistent storage of each user's last question, last answer, selected book, and timestamp, but it does not provide any privacy notice, consent guidance, retention policy, or warning that user prompts may contain sensitive personal reflections. In this skill's context, users are encouraged to ask intimate, emotional, and potentially revealing questions, so undocumented storage increases privacy and compliance risk if the database is accessed, shared, or retained longer than users expect.

Vague Triggers

Medium (90% confidence)
Finding
The launch intent includes very generic utterances like “开始” and “欢迎”, which can overlap with normal conversation or other skills' invocation patterns. This can cause unintended skill activation or routing ambiguity, especially in voice/NLU environments where short common phrases are easily misrecognized.

Vague Triggers

High (98% confidence)
Finding
The bare `{question}` sample acts as an unconstrained catch-all that can absorb nearly any user utterance, making the intent overly permissive. In practice this can overshadow other intents, trigger on unintended input, and route arbitrary speech into downstream logic that stores or processes user text, increasing the chance of abuse, confusion, or unsafe handling.

VirusTotal

67/67 vendors flagged this skill as clean.
