Security audit

Courseware Generation

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language courseware-generation helper that saves teaching-material files and shows no hidden network, credential, or destructive behavior.

Install this if you want a Chinese-language workflow for generating courseware or slide materials. Review generated files before sharing, remove sensitive information from any custom exemplars, and be aware that the skill may activate on common courseware/PPT requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 88%

Finding: The trigger phrases are very broad and include common course-creation terms, which can cause the skill to activate in situations beyond the user's clear intent. In an agent environment, ambiguous activation boundaries increase the chance of unintended file-generation workflows or inappropriate instruction precedence being applied to ordinary educational requests.

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding: The skill instructs saving generated output as files and telling the user where those files are located, but it does not clearly disclose this side effect up front or require user confirmation. In an agentic context, silent or assumed file creation can lead to unexpected persistence of sensitive content, workspace clutter, or unsafe handling of generated materials.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%

Finding: The exemplar is written entirely in Chinese with no language-selection mechanism, translation fallback, or documented locale restriction. In a general-purpose agent skill, this can cause operators or downstream safety reviewers who do not read Chinese to misunderstand behavior, miss unsafe instructions, or be unable to validate outputs, which weakens oversight and safe use.

VirusTotal

60/60 vendors flagged this skill as clean.