ClawHub

起名大师

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese naming guide with no executable code or hidden access, but users should choose when to share birth details or use traditional naming frameworks.

Install this if you want Chinese naming help. Use it deliberately for Chinese names or traditional naming analysis, and avoid sharing exact birth date/time unless you want Bazi/Five Elements suggestions. For neutral, non-Chinese, or non-traditional names, tell the agent not to apply the cultural or gendered defaults.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger definition includes a catch-all phrase for essentially any request related to Chinese names, which can cause the skill to activate outside its intended narrow use cases. Over-broad activation increases the chance of misrouting user requests, inappropriate collection of personal birth data, and interference with other safer or more relevant skills.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill is defined as professionally specialized in Chinese naming and uses Chinese-only trigger phrases without stating locale or language constraints or offering alternatives. This can lead to incorrect activation for users in other languages, poor consent/expectation handling, and user confusion when culturally specific naming logic is applied by default.

Natural-Language Policy Violations

Low
Confidence
91% confidence
Finding
The line "男楚辞,女诗经" applies gender-specific naming guidance without any user preference or opt-in, which can reinforce stereotypes and steer outputs based on assumed gender roles. In a naming skill, this is not a technical exploit, but it is still a real safety and quality issue because it may bias recommendations and reduce inclusivity for users seeking neutral or personalized advice.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal