Cangjie Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed book-to-skill workflow that reads user-provided book text and writes derived notes and skill files, with no evidence of hidden execution, credential access, exfiltration, or destructive behavior.

Install only if you are comfortable giving the agent access to the specific book text you provide and letting it generate a multi-file skill package. For private or copyrighted books, confirm the text source, output directory, language, and whether to use multiple sub-agents before running.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger section uses example phrases like '帮我拆《XX》' and 'distill this book into skills' without tightly constraining scope, input type, or requiring explicit confirmation before activation. This can cause the skill to be invoked on loosely related requests, leading to unexpected processing of large copyrighted texts, unnecessary tool use, or accidental workflow takeover from a user’s broader intent.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
The top-level description is written to steer behavior toward Chinese-only interaction without offering a user language preference. While not a classic security flaw, it can cause unsafe mismatches in multilingual environments, such as misunderstanding user instructions, generating inaccessible outputs, or overriding organizational language policies.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The human-facing deliverables require a specific Chinese-style output format and tone for LEARNING_NOTE.md and TALKING_POINTS.md, but do not allow user opt-in or locale selection. In practice this can produce confusing or noncompliant outputs for users expecting another language, increasing the chance of miscommunication and unintended disclosure through mistranslation or unusable artifacts.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
This skill is authored entirely in Chinese while the metadata does not declare a Chinese-only locale or offer an alternative language path. In an agent setting, that can cause incorrect parsing, skipped safety constraints, or misuse by non-Chinese-speaking users or downstream agents that assume English-default behavior, leading to unreliable or unsafe execution of the methodology.

VirusTotal

63/63 vendors flagged this skill as clean.
