ClawHub

aky-public-opinion 2.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese public-opinion report-writing workflow with no hidden code, persistence, or credential handling found.

Install only if you want a Chinese, formal public-opinion and risk-reporting assistant. Review outputs for framing bias, confirm the desired audience and language when needed, and use browser or logged-in source collection only on sites and accounts you are authorized to access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill advertises activation on very broad requests such as 'write a sentiment analysis report' or 'do sentiment assessment,' which can match many ordinary user intents without clearly requiring public-opinion or government-style analysis. This increases the chance of accidental routing into a politically sensitive workflow that performs extensive media collection and produces framed risk reports the user did not explicitly request.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill requires Chinese-only output regardless of the user's language or preference, which can override user intent and reduce transparency for multilingual users reviewing politically sensitive analysis. In a skill focused on international media and geopolitical narratives, forced language output can also make it harder for users to verify quoted foreign-source material directly.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The template hard-codes a Chinese official-document style as a mandatory default, without any user opt-in, locale selection, or framing that this is just one optional format. In a skill that produces public-opinion and risk reports for government and enterprise use, this can steer outputs toward a state-aligned, authoritative narrative regardless of user intent, increasing the chance of covert persuasion, biased analysis, or misuse in sensitive political contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal