ClawHub

Elegant One Pager Architect

Security checks across malware telemetry and agentic risk

Overview

This skill is a text-only formatter that turns notes into a styled HTML one-page summary and does not request system access or persistence.

Safe to install for creating Chinese styled HTML summaries from notes. Use care when rendering HTML from untrusted source text, and confirm the user wants HTML output when the request only asks for a plain summary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger conditions are overly broad and can activate on many generic summarization, meeting-notes, executive-summary, formatting, or export requests without clear scoping. This creates skill hijacking and misrouting risk: the agent may invoke this HTML-rendering skill in contexts where users only wanted neutral summarization, causing unintended transformation of content, forced HTML output, and possible unsafe handling of untrusted text in rendered markup.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill hardcodes Chinese-language behavior and requires direct HTML-only output, ignoring user language preference and reducing transparency. While this is not a classic security bug, it is a genuine safety and policy-alignment issue because forced language/output mode can cause misunderstanding, conceal transformations from users, and increase the chance that harmful or misleading rendered content is delivered without adequate user control.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal