Qiushi Skills

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese methodology skill pack with broad reasoning influence but no code execution, credential access, network use, or hidden persistence.

Install this only if you want the assistant to use this specific Chinese-language, Maoist methodology framework for reasoning and workflow selection. For a more neutral assistant, keep these skills manual-only or disable automatic invocation; no technical red flags such as code execution, credential use, network calls, or hidden persistence were found.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (19)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The documented SKILL.md structure says the description determines when the AI should automatically trigger a skill, but it provides no required boundaries, exclusions, or conflict-resolution rules. In an agent framework, vague auto-trigger criteria can cause the wrong skill to activate in unrelated contexts, steering model behavior unexpectedly and increasing prompt-injection or unsafe orchestration risk.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The README states that OpenClaw will automatically decide when to trigger a skill based on the description field, but it does not explain any constraints, tie-breaking, or safety checks. This ambiguity can let broadly worded skills activate too often, potentially overriding user intent or introducing unsafe instructions into agent execution flow.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill is configured to trigger at the start of every new top-level conversation, making it effectively an always-on policy layer rather than a narrowly scoped helper. That broad activation can cause unnecessary steering of agent behavior, increase prompt-surface exposure, and create unintended routing into downstream skills even when the user’s task does not warrant it.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger condition is very broad: any situation with multiple competing tasks could activate this skill, which creates unclear invocation boundaries. In an agentic system, overly generic triggers can cause the skill to fire in many normal workflows, potentially overriding more appropriate task-specific logic and leading to misprioritization or unintended autonomous behavior.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger condition is broad enough to activate during ordinary reasoning whenever a problem seems complex or priorities are unclear. In an agent setting, this can cause the skill to over-apply an ideological decision framework to unrelated tasks, increasing the chance of inappropriate escalation, biased outputs, or unsafe handling of user requests.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger condition is very broad ('when the problem is complex, has multiple conflicting factors, unclear priorities, or you don't know what to solve first'), which overlaps with a large fraction of ordinary user requests. In an agent setting, this can cause over-invocation of the skill, steering the model into an ideological or rigid analytical frame even when simpler, more appropriate handling would suffice.

Natural-Language Policy Violations

Medium

Confidence: 80% confidence
Finding: The skill metadata and content force Chinese-language operation without any indication of user preference or consent. In a multilingual agent environment, this can degrade usability, cause misunderstandings, and override higher-priority instructions about responding in the user's language.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition is framed very broadly: 'when work is completed and quality needs review, or when self-improvement is needed' can apply to many ordinary agent actions. In an agent system, such vague activation criteria can cause unintended or excessive invocation, leading to unnecessary behavioral steering, workflow disruption, or misuse as a default post-task routine without explicit user intent.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition and description are broad enough to activate in many normal situations involving uncertainty or decision-making. In an agent environment, this can cause over-invocation of the skill, leading to workflow hijacking, unnecessary investigation steps, delayed action, or scope expansion beyond user intent.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition '当需要收集多方意见或整合多源信息时触发' is broad enough to match many ordinary tasks, which can cause the skill to activate outside its intended scope. In an agent setting, overly permissive invocation criteria increase the chance of unnecessary data gathering, expanded workflow scope, and unintended use in contexts involving sensitive or irrelevant stakeholder information.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger condition and description are very broad: any situation involving collecting opinions or integrating multiple information sources could activate this skill. In an agent environment, such overbroad routing can cause the skill to intercept many ordinary requests, bias workflow selection, and unintentionally steer the agent into a specific ideological or process framework when a narrower tool would be more appropriate.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition is very broad: 'when multiple goals need balancing' can match many normal user requests and cause the skill to activate unexpectedly. In an agent system, over-broad activation can steer planning behavior when it was not requested, increasing the chance of unnecessary autonomy, mis-prioritization, or interference with more appropriate skills.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition is broad enough to match many ordinary tasks involving validation, iteration, or learning from results, which can cause the skill to activate outside its intended scope. In an agent system, overbroad activation can bias behavior toward repetitive experimentation or unnecessary process steps, increasing the chance of workflow disruption, wasted resources, or unsafe autonomous actions if 'practice' is interpreted as real-world execution.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill’s trigger and description are broad enough to activate for many normal tasks involving validation, iteration, or learning from results. In an agent system, this can cause unnecessary or inappropriate routing, leading the model to apply an expansive action loop where a narrower or safer skill would be more appropriate.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger condition is broadly defined as applying whenever a task is long-term and complex, which can cause the skill to activate for a wide range of ordinary planning scenarios without clear boundaries or precedence rules. In an agent environment, overly broad activation can lead to inappropriate use of this skill, workflow hijacking, or reduced reliability when more suitable specialized skills should have been selected.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The manifest description states the skill should be invoked for 'long-term complex tasks' and 'long-term planning' without concrete scope limits, exclusions, or activation criteria. In agent systems, overly broad triggers can cause inappropriate routing and over-application of a strategic-planning skill to tasks that need narrower, safer, or domain-specific handling, increasing the risk of misleading guidance or policy bypass through prompt steering.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger condition is broad enough that an agent could invoke this skill in many loosely related situations involving limited resources or early-stage work. That can cause inappropriate activation, leading the agent to follow a generic expansion-oriented strategy when a narrower or safer workflow would be more appropriate.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger condition is open-ended: it activates whenever a task 'needs multiple methods chained together' without defining clear scope, authorization, or conflict-resolution boundaries. In an agent system, broad activation criteria can cause the workflow skill to self-select too often, override safer narrower skills, or compose powerful capabilities in ways the user did not explicitly request.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition is very broad: any task needing multiple methods or combined skills may invoke this skill. In an agentic system, overly generic routing logic can cause unintended activation, over-delegation, or recursive workflow construction that expands scope beyond the user's request. The surrounding content makes this somewhat more operationally significant because the skill explicitly instructs selection, sequencing, execution monitoring, and adjustment of other skills, increasing the chance of cascading behavior if invoked too easily.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal