求是skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese-language methodology skill pack that guides reasoning and planning without requesting tools, credentials, file access, network access, or persistence.

Install this only if you want a Chinese-language Mao-inspired reasoning framework to influence planning, prioritization, review, and skill-routing behavior. If you prefer skills that run only on explicit request, pay particular attention to the broad auto-trigger behavior in arming-thought.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (16)

Vague Triggers (Medium, 89% confidence)

Finding
The README states that OpenClaw auto-triggers skills based on the `description` field, but provides no constraints, matching rules, or negative examples to bound activation. In an agent framework, vague trigger semantics can cause unintended skill invocation, leading the model to apply the wrong behavioral instructions in unrelated contexts and potentially override safer task-specific behavior.

Vague Triggers (Medium, 92% confidence)

Finding
The SKILL.md template uses the placeholder `当...时触发此技能` (roughly "trigger this skill when ..."), which encourages authors to supply broad or underspecified activation conditions. Because these skills shape agent reasoning and actions, ambiguous triggers increase the chance of accidental activation, prompt-surface expansion, and behavior drift into contexts where the skill is inappropriate.

Vague Triggers (Medium, 94% confidence)

Finding
The skill is configured to auto-trigger at the start of every new top-level conversation, which gives it broad influence over unrelated user requests and increases the chance of unnecessary interception or routing. Even though the content is framed as methodology rather than overtly harmful behavior, global automatic invocation can override user intent, create prompt-injection surface area, and cause unsafe or inappropriate downstream skill selection if the agent treats this file as authoritative.

Natural-Language Policy Violations (Medium, 84% confidence)

Finding
The skill is written entirely in Chinese and describes behavior without offering language negotiation or preserving the user's current locale, which can force responses or internal control flow into an unintended language context. This is primarily a policy and usability risk, but in agent systems it can also impair safety review, confuse users, and cause misexecution when downstream skills or host instructions expect another language.

Vague Triggers (Medium, 90% confidence)

Finding
The trigger condition is very broad: it activates whenever a problem is complex, has multiple factors, unclear priorities, or the user is unsure what to solve first. That overlaps with many ordinary assistant interactions, increasing the chance this skill will activate unexpectedly and steer responses into its prescribed framework instead of following user intent or safer routing logic.

Vague Triggers (Medium, 87% confidence)

Finding
The activation description is very broad: it triggers whenever a problem is complex, has conflicting factors, unclear priorities, or the user does not know what to solve first. Those conditions overlap with a large share of ordinary user requests, so the skill may be selected too often and steer responses into an ideology-specific framework without clear user intent. In a skill-routing system, this can cause overreach, hidden prompt steering, and suppression of better-matched tools.

Natural-Language Policy Violations (Medium, 79% confidence)

Finding
The manifest display name and description are presented only in Chinese, with no indication that language should follow user preference or locale. In multilingual environments, this can bias skill selection, reduce transparency for non-Chinese users, and make policy or behavioral constraints harder for operators to review. While not directly code-executable, forced language can be used as a soft control channel that obscures the skill's behavior.

Vague Triggers (Medium, 83% confidence)

Finding
The description says the skill should be called whenever work is completed to review quality or improve performance, which is a broad trigger with no concrete activation boundaries. In an agent setting, this can cause over-invocation, prompt drift, or unnecessary routing into a self-critique workflow that may interfere with user intent or amplify undesirable behavior.

Vague Triggers (Medium, 91% confidence)

Finding
The trigger condition '当需要收集多方意见或整合多源信息时触发' (roughly "trigger when multiple parties' opinions need to be gathered or multi-source information integrated") is broad and generic, so an agent could invoke this skill in many normal tasks without clear user intent or tighter scoping. Over-broad activation can cause unintended delegation, unnecessary data gathering, or inappropriate use of multi-party input workflows in contexts involving sensitive or time-critical decisions.

Vague Triggers (Medium, 90% confidence)

Finding
The trigger condition and description are broad enough to activate on many ordinary tasks involving collecting opinions or synthesizing information. In an agent system, this can cause inappropriate skill selection, steer outputs toward the skill's ideological workflow, and override more suitable domain-specific or user-directed behavior.

Vague Triggers (Medium, 87% confidence)

Finding
The description says the skill should be invoked whenever it is necessary to collect multiple opinions or integrate multi-source information, which is a very broad condition that can match many ordinary user tasks. In an agentic system this can cause over-activation, leading the agent to route unrelated requests through this ideological skill and potentially bias responses or expand the skill's influence beyond its intended scope.

Vague Triggers (Medium, 92% confidence)

Finding
The trigger condition is defined very broadly as 'when verification, iteration, or learning from practice is needed,' which overlaps with many ordinary agent tasks. In an agent skill system, overly broad activation criteria can cause accidental invocation, leading the agent to follow this framework when it is not appropriate and potentially causing unnecessary actions, iterative loops, or deviation from user intent.

Vague Triggers (Medium, 91% confidence)

Finding
The trigger condition 'when facing long-term complex tasks and needing to formulate a long-term plan' is subjective and broadly worded, so an agent may invoke this skill in situations the user did not explicitly request. That can steer behavior toward a specific planning framework and cause unnecessary or unintended takeover of task decomposition, especially in multi-skill systems with automatic routing.

Vague Triggers (Medium, 89% confidence)

Finding
The trigger condition is broad enough to match many ordinary multi-step requests, which can cause this orchestration skill to activate too often and steer the agent into unnecessary planning behavior. In an agentic system, over-broad routing can override more specific skills, increase prompt surface area, and create unintended chaining across capabilities.

Natural-Language Policy Violations (Medium, 81% confidence)

Finding
The skill content is written entirely in Chinese and effectively constrains behavior to Chinese without any user preference check, which can cause mismatches with user language, misunderstandings, or reduced transparency in safety-critical interactions. While not directly enabling code execution or privilege abuse, forced language can degrade oversight and make downstream actions harder for users and reviewers to validate.

Vague Triggers (Medium, 81% confidence)

Finding
The description says the skill should be invoked whenever a task 'clearly requires multiple methods in sequence' and 'multiple skills' need to be combined, which is broad and subjective. Ambiguous activation criteria can cause over-invocation, letting this workflow intercept tasks outside its intended scope and potentially steer agent behavior in unintended ways, especially since it presents a generalized methodology framework.

VirusTotal

65/65 vendors flagged this skill as clean.