ClawHub
Back to skill

Security audit

Auto Dealer Pro

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only car dealership marketing skill with no executable code, credentials, or hidden access, though users should review its sales claims and customer-data handling before use.

Safe to install as a marketing-writing aid. Before using outputs publicly or with customers, verify all prices, discounts, subsidies, warranty, availability, performance, and competitor-comparison claims, and avoid entering unnecessary customer names or phone numbers unless your privacy and consent requirements are met.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes broad, commonly used automotive terms such as “卖车”, “试驾”, and “比亚迪”, which can cause the skill to activate in conversations that are only loosely related to dealership workflows. Unintended activation can hijack user intent, inject domain-specific sales content into unrelated contexts, and increase the chance that the agent follows inappropriate dealership guidance when the user did not explicitly request it.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The skill description and body are entirely Chinese and imply Chinese-language operation by default, without indicating any language negotiation or fallback based on user preference. This can cause the agent to respond in the wrong language, reducing usability and potentially causing misunderstandings in sales, customer handling, or operational guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal