
Security audit

Deep Think

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only reasoning template with some usability caveats, but it does not request dangerous access or perform hidden actions.

Install this if you want a structured deep-analysis response style. Be aware it may activate for broad requests for detail and may produce Chinese section labels/templates, so users who need concise answers or another language may need to override the style explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger description includes a broad catch-all phrase ('or similar expressions') without clear boundaries, so the skill may activate for loosely related requests and override more appropriate skills or response policies. In an agent setting, ambiguous activation expands the prompt surface and can cause misrouting, inconsistent behavior, or unintended disclosure of structured reasoning formats.

Vague Triggers

Medium
Confidence: 95%
Finding
The activation section specifies when to trigger but does not define when not to trigger, making the skill prone to over-activation on any request that appears to ask for detail. In context, this skill pushes a specific reasoning workflow, so underspecified gating can interfere with safer or more specialized instructions and increase the chance of policy-inconsistent responses.

Natural-Language Policy Violations

Medium
Confidence: 87%
Finding
The mandated Chinese-language output template forces a fixed locale without checking the user's language or documenting a justified restriction. This can degrade usability, cause misunderstanding, and in safety-sensitive contexts lead users to miss important qualifiers, risks, or next steps because the response is delivered in an unexpected language.

VirusTotal

65/65 vendors flagged this skill as clean.
