ClawHub

Comprehensive Knowledge System

Security checks across malware telemetry and agentic risk

Overview

This is a text-only knowledge and prompt library, but it includes under-scoped medical, financial, legal, and other high-stakes guidance templates that users should review before installing.

Install only if you want a very broad Chinese prompt and knowledge reference library. Treat medical, financial, legal, cybersecurity, political, and military outputs as drafts requiring independent review, and do not rely on it for diagnosis, treatment, trading, legal, tax, or operational security decisions without qualified professional oversight.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Context-Inappropriate Capability

Medium
Confidence
72% confidence
Finding
The skill exposes specialized prompts for regulated or high-stakes domains such as legal, HR, finance, medical compliance, and admissions guidance without visible guardrails, qualification limits, or escalation boundaries. In deployment, this can cause the agent to produce authoritative-sounding professional advice in sensitive contexts, increasing the risk of unsafe reliance, compliance errors, or harmful decisions.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill’s activation guidance is very broad and covers common categories like investment, prompt writing, design, and programming without narrow triggers or disambiguation rules. In an agent system, this can cause the skill to activate for loosely related requests, overriding more appropriate tools or injecting unnecessary behavioral constraints and reference material into unrelated conversations.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill metadata and presentation are Chinese-only and do not state that the skill is restricted to Chinese-speaking users or offer language fallback. In a multi-lingual agent environment, this can degrade usability, cause misunderstanding of instructions, and increase the chance that the model follows opaque constraints the user cannot inspect or correct.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document presents a deterministic trading rule ('a short move will necessarily be followed by a longer reverse move') as a basis for precise entry timing without any caution about uncertainty, backtesting limits, or risk of loss. In an investment-focused skill, users may reasonably treat this as actionable financial guidance and suffer losses if they rely on the claimed certainty.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section claims the model can 'precisely predict' movement toward channel boundaries and describes a '履约保证' mechanism implying guaranteed market behavior. Such high-confidence predictive framing can mislead users into overestimating reliability, especially because no uncertainty bounds, market regime caveats, or loss warnings are provided.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The conclusion promotes the theory as a complete closed-loop framework for moving from market description to trading decisions and equates it with physical-law rigor, which may create unjustified trust. Because the skill is explicitly an investment knowledge system, this context makes unsupported certainty more dangerous by increasing the chance of real-world financial reliance.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file provides concrete investment-style behavioral guidance such as trend-following, stop-loss rules, and position sizing without any disclaimer that the material is educational only and not personalized financial advice. In a skill presented as a comprehensive knowledge system, users may reasonably treat this as actionable advice and make real financial decisions based on it, increasing the risk of monetary loss.

Vague Triggers

Medium
Confidence
90% confidence
Finding
This section defines a broad execution framework that repeatedly says 'await instructions' and supports arbitrary decomposition/execution without any scope limits, safety gates, or trigger constraints. In an agent skill, this makes the behavior overly general-purpose and easier to repurpose for unsafe domains because the skill provides reusable operational scaffolding rather than bounded assistance.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The template section is a generic prompt-construction pattern that can be instantiated for nearly any domain, but it does not define safety boundaries, prohibited uses, or review requirements. That makes the skill broadly reusable for sensitive or harmful workflows while appearing innocuous as a formatting template.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill offers disease-to-diagnosis-medication-treatment plan generation with no warning that the output is not medical advice and no instruction to seek licensed care. In this context, the model is being prompted to produce concrete treatment guidance, which can directly contribute to harmful self-diagnosis, inappropriate drug use, or delayed medical attention.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The investment section instructs the model to generate a complete portfolio/strategy from risk-return-liquidity factors without clarifying that this is not financial advice and without warning about losses or suitability. Users may rely on the output as personalized investment guidance, leading to financial harm or compliance issues.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The prompt suite uses broad activation language such as '执行协议等待指令' and generic execution strategies without defining when the mode should or should not apply. In an agent setting, this can cause the system to over-apply the prompt logic to unrelated or sensitive requests, increasing the risk of unintended instruction capture, unsafe task decomposition, or privilege overreach.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal