ClawHub

Intent Translation Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a Chinese-language prompt-clarifying helper that asks questions and turns vague user ideas into structured AI prompts, with no hidden access or unsafe execution found.

Install this if you want a Chinese-language helper for turning unclear ideas into AI-ready prompts. Avoid entering private names, equity terms, finances, workplace conflicts, or relationship details unless you are comfortable including them in a prompt you may paste into another AI service; treat legal, financial, and career outputs as drafting help, not professional advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The listed startup phrases are very broad and resemble ordinary user requests, so the skill could be invoked unintentionally during normal conversation. That can hijack routing, override user intent, or cause the assistant to enter this skill when the user only wanted general help, reducing reliability and potentially misdirecting sensitive discussions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The marketing language encourages activation through vague, natural phrasing without clearly separating promotional examples from actual trigger conditions. This increases the chance that normal discussion, especially around creative or decision-support topics, is misclassified as a skill invocation.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The skill is written entirely in Chinese and presents itself as a Chinese-language interaction experience without stating that language will adapt to user preference. This can cause unexpected language switching or exclusion of users who did not opt into Chinese, which is a usability and policy risk rather than a direct exploit.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal