思考×知识库闭环系统 (Thinking × Knowledge-Base Closed-Loop System)

Security checks across malware telemetry and agentic risk

Overview

This skill is a personal thinking and knowledge-base workflow that, as its documentation discloses, writes back to a local wiki; that write-back is the behaviour users should control deliberately.

Install this only in a workspace where local note creation is desired. For safer use, tell the agent to preview target files and ask before writing to wiki/, index.md, or log.md, especially when raw materials contain private or sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrases for knowledge-base actions are broad enough that an ordinary request such as '帮我整理' ("help me organize this") could unintentionally activate persistent write behaviour. This is dangerous because it can create or modify files without clear, explicit user consent, leading to unexpected state changes in the workspace.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The thinking-mode triggers are vague and based on common phrases such as '分析 XXX' ("analyze XXX") or '帮我理清思路' ("help me sort out my thoughts"), which may cause unintended invocation of the skill. While this is less severe than an automatic write, it can still unexpectedly alter assistant behaviour and, combined with the other broad triggers, chain into more sensitive actions.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The AGENTS.md rules instruct automatic write-back to wiki files after 'valuable' answers, but they do not require disclosure or confirmation before persistent modification. This is dangerous because the model is being directed to save content and update index/log files autonomously, which can overwrite or create files based on ambiguous judgments.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The usage section explicitly combines analysis with saving results into the knowledge base, but it does not warn users that this will create or modify persistent files. In practice, users may think they are requesting only analysis, while the skill also performs state-changing actions on the filesystem.
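The overview's mitigation (preview the target file and ask before writing to wiki/, index.md or log.md) and the two "Missing User Warnings" findings describe the same control: a consent gate between "the answer looks valuable" and "the file is written". The following is an added example of such a gate in Python; it is not the skill's own code. It assumes the workspace layout named in the overview, uses an in-memory dict in place of the real filesystem, and the function names (`plan_write`, `apply_write`) and the explicit-save phrases are illustrative. A bare '帮我整理' or '分析 XXX' never counts as consent; a write to a protected path, an overwrite, or content that looks like a credential is held until the user confirms.

```python
"""Consent gate for a local-wiki write-back skill.

Added example, not the skill's own code. It assumes the workspace layout named
in the overview (wiki/, index.md, log.md) and an in-memory dict standing in for
the filesystem; function names and trigger phrases are illustrative.
"""
from __future__ import annotations

import difflib
import posixpath
import re
from dataclasses import dataclass, field

# Paths the overview says the agent should preview and ask about before writing.
PROTECTED_DIRS = ("wiki",)
PROTECTED_FILES = ("index.md", "log.md")

# Only an explicit save request counts as consent; "分析 XXX" or "帮我整理"
# (the vague triggers the findings complain about) deliberately do not match.
EXPLICIT_SAVE = re.compile(
    r"(保存到知识库|写入知识库|save (it )?to (the )?(wiki|knowledge base))", re.I
)

# Crude detector for credential-like lines so private material is flagged
# before it is persisted (constructed pattern; tune it for your own notes).
SENSITIVE = re.compile(r"(?i)\b(api[_-]?key|password|secret|token)\b\s*[:=]\s*\S+")


@dataclass
class WriteProposal:
    path: str
    new_content: str
    old_content: str | None
    reasons: list[str] = field(default_factory=list)

    @property
    def needs_confirmation(self) -> bool:
        return bool(self.reasons)

    def preview(self) -> str:
        """Unified diff the agent should show the user before asking."""
        old = self.old_content.splitlines() if self.old_content is not None else []
        diff = difflib.unified_diff(
            old, self.new_content.splitlines(),
            fromfile=f"{self.path} (current)", tofile=f"{self.path} (proposed)",
            lineterm="",
        )
        return "\n".join(diff)


def is_protected(path: str) -> bool:
    """Normalise first so 'wiki/../log.md' or './index.md' cannot slip past."""
    norm = posixpath.normpath(path)
    if norm in PROTECTED_FILES or norm in PROTECTED_DIRS:
        return True
    return any(norm.startswith(d + "/") for d in PROTECTED_DIRS)


def plan_write(request: str, path: str, new_content: str, fs: dict[str, str]) -> WriteProposal:
    """Decide whether a write may proceed silently or must be confirmed first."""
    reasons: list[str] = []
    if is_protected(path) and not EXPLICIT_SAVE.search(request):
        reasons.append("protected path but the request did not explicitly ask to save")
    old = fs.get(path)
    if old is not None and old != new_content:
        reasons.append("overwrites an existing file")
    if SENSITIVE.search(new_content):
        reasons.append("content looks like it contains a credential")
    return WriteProposal(path, new_content, old, reasons)


def apply_write(proposal: WriteProposal, confirmed: bool, fs: dict[str, str]) -> bool:
    """Persist only when no confirmation is needed or the user explicitly said yes."""
    if proposal.needs_confirmation and not confirmed:
        return False
    fs[proposal.path] = proposal.new_content
    return True


if __name__ == "__main__":
    # Constructed workspace: a pre-existing log the agent wants to append to.
    workspace = {"log.md": "2024-01-01 created wiki"}
    p = plan_write("帮我整理一下这篇笔记", "wiki/notes.md", "# Notes\n", workspace)
    print(p.reasons)  # vague trigger on a protected path: must ask first
    p2 = plan_write("分析后保存到知识库", "log.md",
                    "2024-01-01 created wiki\n2024-01-02 added notes", workspace)
    print(p2.preview())  # show the diff, then ask
    print(apply_write(p2, False, workspace))  # False: nothing written yet
```

The gate is deliberately conservative: an explicit save phrase unlocks a new file under wiki/, but an overwrite of index.md or log.md still produces a preview and a question, because those are the files a wrong "valuable answer" judgment would silently clobber. Wire `plan_write` in front of whatever file-write hook the agent runtime exposes and route `needs_confirmation` proposals to the user instead of to disk.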

VirusTotal

65/65 vendors reported this skill as clean.