Sales Recording Diagnosis Expert

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only sales analysis skill, but it can automatically read sensitive local customer and meeting files, profile people, broaden into non-sales business analysis, and save reports without a clear consent step.

Review this skill before installing. Use it only if you are comfortable with the agent reading the named local knowledge-base folders and saving reports that may include customer details, personal stakeholder profiles, relationship maps, and sales strategy. Prefer running it only on specific files you choose and review any saved report before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium, 94% confidence
Finding
The skill explicitly expands into internal meeting analysis, task assignment, decision logging, channel cooperation, and investment analysis, which goes beyond its declared sales-diagnosis purpose. This scope creep increases the chance the agent will handle unrelated sensitive business content under an overbroad trigger, creating unnecessary data exposure and unintended automation in contexts the user may not have meant to invoke.

Context-Inappropriate Capability

Medium, 96% confidence
Finding
Adding investment-analysis capability is not aligned with the stated role of a sales coaching skill and introduces processing of highly sensitive financial and strategic information. In practice, this broadening makes accidental invocation more dangerous because ordinary analysis requests could route confidential fundraising or valuation material into the skill without clear consent or controls.

Vague Triggers

Medium, 95% confidence
Finding
The trigger list includes broad phrases such as meeting analysis and deep analysis that can easily match normal conversation. Overbroad activation is dangerous here because the skill is authorized to read local files and write reports, so accidental triggering could cause unintended access to sensitive customer and meeting data.

Missing User Warnings

Medium, 98% confidence
Finding
The skill instructs the agent to search local directories for customer profiles and full meeting transcripts without any user-facing disclosure or permission checkpoint. Because these files likely contain confidential business and personal data, silent access creates a real risk of privacy violations, oversharing, and unauthorized processing of sensitive local content.

Missing User Warnings

Medium, 98% confidence
Finding
The skill directs the agent to save generated reports to local storage automatically, but it does not tell the user that derived analyses containing inferred stakeholder profiles and sensitive meeting details will be written to disk. This persistence increases exposure because sensitive conclusions become a durable artifact that may be discoverable, synced, or accessed later by unintended parties.

Vague Triggers

Medium, 94% confidence
Finding
The example activation phrases include common expressions like analyze this customer, analyze meeting, or sales review, which are likely to occur in ordinary conversation. Given the skill's file-reading and report-writing behavior, ambiguous examples materially increase the risk of accidental invocation and unintended processing of sensitive business information.

Ssd 3

Medium, 99% confidence
Finding
This workflow directs the agent to ingest customer files and complete meeting transcripts, derive private stakeholder profiles, intentions, and relationship maps, and then persist the resulting report locally. That combination of broad collection, sensitive inference, and storage is dangerous because it amplifies privacy and confidentiality risks far beyond the user's immediate prompt, especially for business secrets and personal assessments of named individuals.

VirusTotal

64/64 vendors flagged this skill as clean.