WOSO Lib

Security checks across malware telemetry and agentic risk

Overview

This is a text-only women’s football knowledge skill with some content-safety and routing caveats, but no evidence of malicious behavior or unsafe system access.

Installers should understand this is a text knowledge base, not a tool that runs commands. Before installing, consider whether broad triggers might activate it for general World Cup, workload, or menstrual-cycle questions, and be aware that some biography notes include self-harm, suicide-crisis, and substance-misuse material without a warning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list includes broad, high-frequency terms such as “世界杯”, “工作量”, and “月经周期”, which can cause the skill to activate in contexts unrelated to this women’s football knowledge base. This creates unintended routing risk: users may be pulled into this skill when asking about general sports, health, or workload topics, leading to irrelevant responses and possible exposure of niche or sensitive content outside the intended scope.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding
The skill mandates Chinese-only responses without offering language negotiation or honoring the user’s language. This can override user intent, reduce transparency, and in multilingual environments cause the agent to respond in an unexpected language, which is a policy and usability weakness even if not a direct security exploit.

Missing User Warnings

Medium
Confidence: 93%
Finding
This section contains explicit descriptions of suicide crises, self-harm ideation, and substance misuse without any content warning, support framing, or crisis-resource guidance. In a conversational knowledge skill, that can unexpectedly expose vulnerable users to triggering material, and the assistant may surface it directly in response to broad women’s football queries.

VirusTotal

63/63 vendors flagged this skill as clean.
