ClawHub

Seedancer Github

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill is mostly coherent, but it includes guidance for rewriting recognizable IP to get around copyright or platform review controls.

Install only if you are comfortable reviewing outputs for IP and platform-policy compliance yourself. Avoid using the skill to imitate protected characters, brands, or franchises, and do not use any guidance that tries to get around copyright or content review controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes very broad everyday phrases such as “视频生成” and “提示词”, which can cause the skill to activate in many unrelated conversations. Over-broad activation increases the chance of unprompted behavior override, unexpected prompt injection into normal user tasks, and accidental routing into this skill when the user did not intend to use it.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
Forcing Chinese output by default without user opt-in can override user preferences and cause unexpected behavior, especially in multilingual or policy-sensitive contexts. While not directly a code-execution risk, it weakens user control and can make downstream outputs less safe or usable if the user expected another language.

Ssd 4

Medium
Confidence
97% confidence
Finding
The “渐进式降级策略” explicitly teaches users how to iteratively rewrite recognizable IP elements to evade platform copyright and content review controls while preserving the underlying protected aesthetic. This is not merely descriptive compliance advice; it operationalizes circumvention of safeguards and facilitates unauthorized imitation of copyrighted characters, brands, or franchises.

VirusTotal

41/41 vendors flagged this skill as clean.

View on VirusTotal