Ultimate Domain Payload

Security checks across malware telemetry and agentic risk

Overview

This is a broad markdown workflow skill, but it asks agents to auto-install another skill and includes high-stakes health, legal, financial, and civic action playbooks that need careful review.

Install only if you intentionally want a broad Chinese-language cross-domain planning payload. Before use, disable or require confirmation for automatic installation of universal-task-os, treat medical/legal/financial outputs as drafts for qualified professional review, and avoid using the civic/opinion workflows for deceptive amplification, harassment, or publishing without human approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (25)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
This section provides a concrete workflow for '舆论引导' (opinion steering), including strategy design, creation of guiding content, and execution of influence actions. In the context of a general-purpose civic orchestration skill, that goes beyond neutral civic education and meaningfully increases the chance the skill is used for manipulative persuasion, misinformation amplification, or coordinated narrative shaping.

Context-Inappropriate Capability

Medium
Confidence
79% confidence
Finding
The petition section operationalizes collective mobilization by instructing the user to define targets, design a petition plan, organize participation, and execute the action. While petitions can be legitimate civic activity, embedding a ready-made mobilization playbook in a broad orchestration payload increases the risk of the tool being repurposed for pressure campaigns without adequate legal, safety, or anti-abuse constraints.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
These repeated opinion-guidance workflows broaden the skill from civic templates into reusable playbooks for influencing public sentiment across education and environmental topics. Repetition across domains makes misuse easier by normalizing narrative-control tactics as standard workflow steps rather than exceptional, tightly constrained communication activities.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is extremely broad and generic for a high-scope orchestration skill, increasing the chance of accidental activation on ordinary user requests about life domains, planning, or cross-domain work. Because the skill is designed to influence task routing and orchestration across many domains, ambiguous activation can cause unintended behavior, overreach, or invocation in contexts the user did not explicitly request.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs automatic installation of the `universal-task-os` dependency whenever it is missing, without prior user consent or a clear warning. Auto-installing another skill expands the trust boundary, can introduce unreviewed code or prompt behavior, and allows this skill to bootstrap additional capabilities beyond what the user directly approved.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This catalog defines extensive health tasks including symptom analysis, differential diagnosis, emergency triage, treatment comparison, medication management, and postoperative recovery, but it does not include any visible warning that the content is informational only, may be incomplete, and cannot replace licensed medical care. In the context of an agent skill that can be operationalized by downstream systems, the omission increases the risk that users or orchestrators treat the skill as authoritative clinical guidance, which could delay urgent care or enable unsafe self-management.

Missing User Warnings

High
Confidence
96% confidence
Finding
The psychological crisis exemplar includes severe depression, suicidal ideation, emergency triage, and treatment guidance, but it does not clearly state that the content is not a substitute for licensed emergency, psychiatric, or crisis services. In a mental health crisis context, omission of that boundary can cause users to over-rely on the workflow instead of immediately contacting local emergency services, a suicide hotline, or an in-person clinician, increasing risk of self-harm or delayed lifesaving intervention.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This file provides structured guidance on diagnosis support, treatment comparison, medication management, and emergency-triage decisions, but does not clearly warn that it is not a substitute for licensed medical care. In the context of an orchestration skill intended for broad cross-domain use, users or downstream agents may over-trust the content and act on it inappropriately, creating a real safety risk, especially around urgent symptoms and treatment decisions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly directs generation of financial plans, reports, and recommendations, but it does not include any warning that outputs may be incomplete, incorrect, unsuitable for a user's jurisdiction, or that licensed financial/tax/legal professionals may be needed. In a wealth-management context, users may over-trust the skill's outputs and act on investment, tax, or inheritance guidance, creating material financial loss or compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This catalog includes structured tasks for investment selection, tax planning, insurance configuration, and will/trust planning, all of which are regulated or high-stakes domains where incorrect guidance can cause financial loss, compliance issues, or legal harm. In this skill context, the danger is increased because the file presents these activities as executable workflow components without any visible caution, suitability checks, jurisdiction limits, or recommendation to seek licensed professional review.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file gives concrete, step-by-step financial, investment, insurance, tax, and estate-planning actions with specific allocations, products, and planning steps, but it does not clearly warn that the material is illustrative only and not personalized professional advice. In an agent skill context, users may treat these exemplars as authoritative instructions and act on them without suitability, jurisdiction, or licensing checks, creating a realistic risk of harmful financial or legal decisions.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill is documented only in Chinese with no language-selection mechanism or stated locale limitation, which can cause operators, reviewers, or downstream agents to misunderstand instructions, constraints, and dependencies. In a composable orchestration skill that delegates execution to other systems, this increases the chance of unsafe misconfiguration, missed policy requirements, or incorrect task routing due to translation gaps.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow explicitly instructs users to create and optimize social-media accounts, publish content, and interact with followers, but it omits safeguards around privacy settings, audience separation, doxxing risk, account security, and platform compliance. In a reusable skill intended for broad execution, this omission can lead users to expose personal data, damage reputation, or violate platform rules without realizing the risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The community-creation guidance tells users to choose a platform, create rules, recruit members, and start operations, but it does not require moderation controls, consent practices, data-handling boundaries, or escalation for abuse and conflicts. Because communities inherently involve member communications and possibly personal data, the lack of these guardrails creates foreseeable privacy, safety, and legal/compliance risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The exemplar encourages public speaking, offline sharing, and livestreaming without warning that these activities may be recorded, redistributed, and tied permanently to the speaker's identity and professional reputation. Users may inadvertently disclose sensitive personal, workplace, student, or third-party information, especially in an education-themed branding context where confidentiality concerns can be significant.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The exemplars direct collection and handling of sensitive information such as employee files, communication records, customer information, and financial/legal materials, but they do not include any privacy, confidentiality, minimization, retention, or access-control guidance. In a legal workflow skill, users may treat the steps as operationally complete, which creates a realistic risk of improper disclosure or noncompliant handling of protected data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The cross-border IP workflow instructs users to translate application materials, select U.S. agents, and submit documents to U.S. authorities, but it omits any warning that the materials may be transmitted to foreign jurisdictions or third-party service providers. That omission can lead to unauthorized cross-border transfer of confidential technical, commercial, or personal data, especially in a legal/IP context where trade secrets and regulated information may be embedded in the submission package.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file defines workflows for processing highly sensitive legal and personal information such as identity details, contracts, employment matters, disputes, and inheritance, but it provides no privacy, confidentiality, minimization, or secure-handling guidance. In a reusable agent skill, that omission can lead downstream systems or users to collect, retain, or expose regulated data without safeguards, increasing risk of privacy violations and unauthorized disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file gives step-by-step guidance for data migration, backup, and broader data handling involving Trello, Excel, email, and business systems, but it omits basic safeguards such as data classification, consent/authorization checks, backup encryption, access controls, rollback planning, and privacy/compliance warnings. In a skill intended for broad cross-domain orchestration, this omission can normalize unsafe handling of personal and business data and lead users to perform risky operations that cause data leakage, integrity loss, or noncompliant processing.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description and repeated wording delegate execution to UTOS in broad terms without defining concrete activation boundaries, authorization checks, or safe input constraints. In an agent ecosystem, vague execution triggers increase the chance that unrelated user requests are routed into this skill or its dependencies, causing overbroad orchestration, unintended cross-domain actions, or misuse of downstream capabilities.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The workflow directs collection of community basic data, resident information, and later child/community data, but provides no privacy, minimization, consent, or lawful-basis constraints. In a civic context, these data categories can include personal or sensitive information, creating risks of privacy violations, unauthorized profiling, and misuse of vulnerable populations' data.

Missing User Warnings

Low
Confidence
73% confidence
Finding
The donation workflow includes setting budgets and executing donations without warning that the actions may involve real financial commitments and potential fraud or misallocation risks. This is less severe than direct manipulation content, but it can still lead users to make financial decisions without adequate verification, authorization, or spending controls.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This public-expression block covers social-media posting, citizen reporting, advocacy, and opinion-guidance activities but omits warnings about defamation, privacy, misinformation, platform abuse, or reputational harm. Because the skill presents these as executable workflows, users may treat risky public communications as routine actions without appropriate verification and legal/ethical checks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This file provides structured mental-health-oriented guidance for meaning crisis, sleep decline, grief, existential distress, and related coping steps, but it does not prominently state that the material is not a substitute for licensed clinical or crisis support. Users with depression, suicidality, trauma, or other serious conditions could over-rely on self-help workflows and delay necessary professional intervention.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The bereavement exemplar assesses the user as being in a 'depression stage' and provides coping instructions and rebuilding steps without a clear boundary that severe grief or depressive symptoms require professional evaluation. In a vulnerable post-loss context, this can normalize self-management of potentially serious clinical symptoms and increase the risk of delayed treatment or deterioration.

VirusTotal

63/63 vendors flagged this skill as clean.
