伺服电机课程智能体 (Servo Motor Course Agent)

Security checks across malware telemetry and agentic risk

Overview

This appears to be an educational course skill, but it silently loads its interface from a remote website that can change after review.

Review before installing. The main risk is that the skill can silently load a remote page that was not fully captured in the reviewed package, so the visible UI and scripts could change later. Prefer a version that packages the UI locally or clearly discloses and pins any external content. Any electrical experiment guidance should be used only in supervised lab settings with proper safety procedures.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Context-Inappropriate Capability
Severity: Low
Confidence: 89%
Finding: The HTML loads external Google Fonts resources from fonts.googleapis.com/fonts.gstatic.com inside an iframe, which causes unsolicited third-party network requests and leaks user metadata such as IP address, user agent, timing, and referrer context. For a largely self-contained educational skill, this external dependency is unnecessary and expands the tracking and supply-chain surface without clear justification.

Description-Behavior Mismatch
Severity: Medium
Confidence: 98%
Finding: The loader retrieves HTML from an external OSS URL and writes it directly into the current document with document.open/write/close, effectively handing full control of the skill UI and script execution to remotely hosted content. Because that remote content is not described in the manifest and can be changed independently of the reviewed package, it creates a supply-chain style code injection surface that can enable phishing, data exfiltration, or arbitrary script execution in the skill context.

Context-Inappropriate Capability
Severity: High
Confidence: 97%
Finding: A course Q&A and practice skill has no clear functional need to download arbitrary remote HTML and replace the entire page, so this capability is disproportionate to the stated educational purpose. That mismatch increases risk because the mechanism can be repurposed to deliver hidden behavior unrelated to the declared functionality, including deceptive interfaces or active content that escapes normal review of packaged assets.

Vague Triggers
Severity: Medium
Confidence: 84%
Finding: The trigger conditions are broad and keyword-based, including common domain terms like '变压器' (transformer), '绕组' (winding), and '磁动势' (magnetomotive force), which can cause the skill to activate in unrelated conversations. Over-broad triggering can route user requests to the wrong skill, causing context confusion, degraded response integrity, and unintended access to skill-specific resources or instructions.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The page silently pulls remote HTML and swaps the document without informing the user that externally hosted content is being loaded. This reduces transparency and makes social engineering or unexpected collection of user interactions more plausible, since users believe they are interacting only with the reviewed local skill while the visible interface is actually controlled by a remote server.

Missing User Warnings
Severity: Medium
Confidence: 84%
Finding: The file includes electrical machine test and operating procedures involving energized equipment, short-circuit testing, startup methods, and synchronization concepts without prominent safety warnings, PPE requirements, supervision expectations, or lockout/isolation guidance. In an educational skill, users may treat the material as procedural guidance, increasing the risk of unsafe real-world experimentation, equipment damage, or electrical injury.

VirusTotal

64/64 vendors reported this skill as clean.