ClawHub

OAISR - 职业AI替代风险评估

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a job-loss preparation guide, but it asks the agent to take or direct sensitive financial and workplace actions with weak safeguards.

Install only if you want a high-friction job-loss preparation workflow and will keep control over every action. Do not let an agent open bank accounts, automate transfers, publish work, change calendars, or collect employer communications without your explicit approval and a check against your workplace policies and personal legal/financial needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation rule allows the skill to trigger on a bare job title with no explicit request for AI-risk analysis. That can cause unintended invocation, misroute user intent, and lead to irrelevant or confusing responses, but it does not by itself create code execution, data exfiltration, or privilege escalation risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The phrase-based trigger on mentions of 'AI replacement risk' is broad enough to match general discussion, comparisons, or meta-conversation rather than a request to run this workflow. This increases the chance of accidental activation and context hijacking, though the skill itself is informational and does not perform sensitive actions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The English trigger duplicates the same overbroad behavior: a single job title can invoke the skill without confirming the user wants AI displacement analysis. In practice this can produce inappropriate tool selection and degrade reliability across multilingual contexts.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The English phrases about 'AI replacement risk' are underspecified and may match broad topical conversation instead of a direct user request for analysis. This creates accidental activation risk and may suppress a more appropriate response path, but the surrounding skill content is otherwise non-sensitive and analytic.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal