ClawHub

한국 연금/노후 설계

Security checks across malware telemetry and agentic risk

Overview

This is a Korean pension-planning guidance skill with some broad routing and privacy cautions, but no included executable code, hidden persistence, or deceptive behavior.

Install this only if you want Korean pension and retirement-planning assistance. Treat its outputs as estimates, verify current amounts and rules with official NPS/My Pension or government sources, approve any external lookup before use, and do not provide full resident-registration numbers, passwords, login sessions, or unnecessary income and asset details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list contains several broad, common phrases such as '노후 준비', '은퇴 계획', and '예상 수령액' that can appear in ordinary financial or life-planning conversations. This can cause unintended activation or misrouting into the pension skill, increasing the chance of irrelevant responses, privacy over-collection of financial details, or interference with a more appropriate skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The auto-switch trigger uses very generic words like 'easily', 'first time', or 'difficult', which can appear in many normal pension questions without the user actually requesting simplified handling. This can cause misrouting or oversimplification of financial guidance, leading to answers that omit important nuance, but it does not create a direct security exploit by itself.

Natural-Language Policy Violations

Medium
Confidence
72% confidence
Finding
Forcing beginner mode without opt-in can override the user's preferred depth and potentially their language or locale expectations, especially in a domain like pensions where regulatory and tax details matter. The main risk is degraded accuracy, omission of necessary detail, or a poorer user experience rather than a classic security compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal