ClawHub
Back to skill

Security audit

bot纠偏

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt/routing skill with broad activation wording, but no evidence of hidden code, data access, persistence, or destructive behavior.

Before installing, review whether the trigger wording is too broad for your environment. If it fires on generic troubleshooting or unrelated verification requests, narrow or disable those triggers; otherwise the available evidence supports benign use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill metadata and description use broad routing language for bot correction, verification, drift recovery, and claimed progress without evidence, but they do not define clear scope boundaries or exclusions. This can cause the skill to activate for generic troubleshooting or verification-related requests and incorrectly steer users toward this skill, creating prompt-routing hijack or misclassification risk rather than direct code-execution risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The listed trigger phrases are short, common, and partly multilingual, but the skill provides no disambiguation rules, negative examples, or confidence thresholds before routing. In a discovery system, this increases the chance of accidental invocation on ambiguous user text, which can override more appropriate skills and degrade security-sensitive workflows that depend on precise intent classification.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.