JIANYAOFANGAN01

Security checks across malware telemetry and agentic risk

Overview

This is a coherent proposal-writing skill with disclosed local saving and Feishu document handling, but users should be careful with sensitive proposal content.

Install only if you are comfortable with proposal drafts being saved locally and generated documents being uploaded to a Feishu folder you specify. Avoid putting credentials, high-sensitivity security details, internal costs, names, or competitor information into saved state unless necessary, and delete saved proposal JSON files when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (92% confidence)

The primary trigger includes the generic phrase “简要方案”, which is broad enough to overlap with ordinary user conversation about writing a brief proposal rather than an intentional skill invocation. This can cause the skill to activate unexpectedly and begin stateful or file-related operations without sufficiently explicit user intent.

Vague Triggers

Medium (91% confidence)

Control phrases like “保存并退出”, “暂停”, and “先保存” are common conversational expressions and may be spoken in a non-command context. If interpreted as skill controls, they could trigger unintended persistence of proposal contents to disk or alter workflow state without a deliberate command.

Vague Triggers

Medium (90% confidence)

Recovery phrases such as “继续之前的方案”, “继续写方案”, and “恢复方案” are semantically broad and could match normal conversation. This creates a risk of loading prior saved content or enumerating saved proposals when the user did not intend to access persisted state.

Missing User Warnings

Medium (94% confidence)

The skill persists proposal content as JSON and scans the `proposals/` directory to resume work, but the specification does not require clear user disclosure or consent for local storage and file enumeration. Because proposals may contain internal planning, security, budgeting, or government/enterprise information, silent persistence increases privacy and confidentiality risk.

Missing User Warnings

Medium (95% confidence)

The workflow includes uploading generated documents to Feishu cloud storage and later downloading them for AI review, but it lacks explicit privacy and transmission disclosures. In the stated use cases, documents may contain sensitive organizational, security-planning, or budget information, so undisclosed external transfer materially raises confidentiality and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
