ClawHub

Aiseact

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only search-quality skill, but its registry summary and autonomous-mode guidance can make it affect searches more broadly than the main skill docs suggest.

Install only if you want the agent to apply an opinionated source-quality framework to research. Keep manual invocation enabled unless you intentionally want autonomous use, and use commands like “Skip AISEACT,” “Show all sources,” or “Include [source]” when you want broader or alternative-source results. Review the source lists for bias and confirm the package provenance because the registry source metadata is incomplete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The configuration describes autonomous invocation for 'relevant queries' but does not define clear trigger criteria, exclusions, or safety boundaries. In a skill that can influence search and source-selection behavior, ambiguous auto-triggering can cause the methodology to activate unexpectedly on queries the user did not intend, reducing user control and potentially altering trust, filtering, or research workflow without explicit consent.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The document presents a China-centric list of 'authoritative' sources as generally recommended without clearly scoping that recommendation to China-focused research tasks. In an agent skill, this can systematically bias source selection, causing the model to overlook more appropriate local or international primary sources and produce skewed or jurisdictionally incorrect outputs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal