Turn Any Book into a Working Agent 一键把书变成员工

Security checks across malware telemetry and agentic risk

Overview

The skill has a clear book-to-agent purpose, but it can create persistent skill files from book-derived names without enough containment or activation controls.

Run this only in a clean folder containing the intended book. Review the generated SKILL.md before using or publishing it, and rename generated agents to a simple safe name without slashes, dot-dot paths, shell metacharacters, or instruction-like text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 84%
Finding
The activation phrase "请作为《{book_title}》专家帮助我..." is broad and likely to overlap with ordinary user conversation, which can cause accidental invocation of the generated skill. In agent systems that route or prioritize skills based on trigger phrases, ambiguous activation increases the risk of unintended behavior, misrouting, or prompt/scope confusion.

Vague Triggers

Medium
Confidence: 86%
Finding
The generated SKILL instructions tell users to activate the agent with a vague natural-language phrase rather than a constrained command. This makes collisions with normal requests more likely and can unintentionally activate the generated role in contexts where the user did not intend to delegate to that skill.

Vague Triggers

Medium
Confidence: 82%
Finding
The example activation phrase uses a generic request pattern that resembles ordinary conversation, making accidental triggering plausible. In ecosystems with many skills, this can lead to skill collision and unintended role adoption, which is a real security and safety concern when capabilities differ across skills.

Vague Triggers

Medium
Confidence: 80%
Finding
The Windows example repeats the same vague activation pattern, reinforcing an unsafe invocation model across platforms. Consistently broad triggers increase the chance that downstream generated skills will be invoked unintentionally, especially when copied verbatim by users or developers.

VirusTotal

64/64 vendors flagged this skill as clean.