Security audit

工作幻觉纠偏

Security checks across malware telemetry and agentic risk

Overview

This is a small, disclosed alias page that routes Chinese work-hallucination correction queries to VeriClaw and does not run code or request sensitive access.

Install this only if you want the Chinese work-hallucination correction alias. If you want the canonical VeriClaw skill, install or review the main vericlaw page directly rather than relying on this routing card.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill advertises multiple broad symptom aliases such as “工作幻觉”, “幻觉纠偏”, and related generic phrasing that could match loosely specified user intent and route users into this skill unexpectedly. While the content appears to be a legitimate alias page rather than overtly malicious, broad trigger terms increase the chance of misrouting, confusing users, and biasing discovery traffic toward a non-canonical page.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The routing rules explicitly prefer this alias page when wording is about work hallucination and direct users back to the main skill only for installs, reviews, or canonical engagement. Without clear decision boundaries, vague or underspecified requests may be steered to this intermediary page instead of the most appropriate canonical destination, creating traffic hijacking or user confusion risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.