ClawHub
Back to skill

Security audit

智享写作助手·物哀体系

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese writing skill, but it explicitly teaches anti-AI-detection and human-authorship simulation techniques that users should review carefully.

Install only if you intentionally want a Chinese rewriting tool that removes AI-writing signals. Use it for transparent editing and creative revision, not for academic dishonesty, fake provenance, impersonation, or bypassing platform or institutional authorship rules. Review edits before accepting them and limit the files the agent can read or modify.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list contains broad, common phrases such as '中文写作' and '润色' that can match many ordinary user requests, increasing the chance of accidental invocation outside the user's intent. This is risky because the skill performs strong stylistic rewriting and could unexpectedly steer unrelated writing tasks into its specialized anti-detection/humanization workflow.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill description is explicitly Chinese-only and the body of the skill is written as mandatory Chinese-language operating guidance without any opt-in or language negotiation. If auto-invoked, this can override user preferences, degrade usability, and cause unintended language switching or output constraints in contexts where the user did not request Chinese.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.