师爷 (Shiye) - Three-Model Cross-Review

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real AI review tool, but users should review it carefully because it can send broad document, code, or resume content to a remote model API without clear privacy warnings.

Install only if you are comfortable sending the reviewed content to the configured API provider. Do not use it on secrets, proprietary code, resumes, regulated data, or confidential documents unless that external processing is approved. Prefer environment variables for the API key rather than editing the script, and provide an explicit criteria file when reviewing sensitive material so the tool does not auto-send a sample for criteria generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: High (95% confidence)

Finding: The skill claims to use three distinct model providers for cross-review, but all requests are sent to a single DeepSeek-compatible API base. This creates a trust and transparency problem: users may disclose sensitive material believing it is distributed across independent reviewers when it is actually routed through one service, undermining the claimed diversity and potentially concentrating data exposure.

Vague Triggers

Severity: Medium (93% confidence)

Finding: The invocation phrase '师爷,帮我评审一下这个' ("Shiye, help me review this") is underspecified and does not limit what 'this' may contain, so a host agent could route arbitrary user-provided content into the skill. That increases the chance of prompt-scope confusion, accidental processing of sensitive data, or use outside the author's intended review context.

Vague Triggers

Severity: Medium (90% confidence)

Finding: The README states the skill can review '任何文字' ("any text") and lists many document categories, which makes the functional scope extremely broad. In an agent setting, this kind of open-ended scope can cause the skill to be invoked on inappropriate or sensitive content without sufficient safeguards or domain-specific limitations.

Missing User Warnings

Severity: Medium (95% confidence)

Finding: The markdown explains how to configure an API key but does not explicitly warn that submitted documents, code, resumes, and other content will be transmitted to external model APIs for analysis. In this skill's context, users are likely to submit sensitive proprietary or personal material, so the lack of disclosure materially increases privacy, confidentiality, and compliance risk.

Missing User Warnings

Severity: High (98% confidence)

Finding: The script embeds user-provided sample content directly into prompts and transmits it to a remote API without a clear warning, consent gate, or data-classification check. In this skill's context, users may submit code, resumes, or documents containing secrets, personal data, or proprietary material, so silent external transmission creates substantial confidentiality and compliance risk.

Missing User Warnings

Severity: High (99% confidence)

Finding: When no criteria file is provided, the script automatically uploads part of the sample content to an external model to generate criteria, again without explicit disclosure. This is especially risky because the behavior is implicit: users may think they are only running a local helper and may not realize sensitive content is being transmitted before any review begins.

VirusTotal

66/66 vendors flagged this skill as clean.