Story Short Write

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese short-story writing skill that creates and edits local manuscript files as part of its stated purpose, with no evidence of exfiltration, credential access, or hidden persistence.

Install only if you want a skill that actively creates and edits story-project files in your workspace. Use it in a dedicated story directory, review generated files before relying on them, and be mindful that its market-style writing guidance may steer tone, audience assumptions, and relationship tropes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The workflow explicitly instructs the agent to write directly to local files and later modify them, which expands the skill from conversational assistance into filesystem-changing behavior. Even in a writing skill, this can cause unintended overwrites, silent data loss, or modification of user content if the agent acts without explicit per-action consent and clear path constraints.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs running a local Node.js script as part of the workflow, introducing code-execution capability that is not necessary for basic story-writing assistance. Any instruction to execute local scripts increases risk because it can trigger unintended side effects, rely on untrusted local code, or normalize execution behavior beyond the user's expectation for a writing tool.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list includes broad natural-language phrases like '帮我写一篇短篇' and '写个盐言故事', which could cause the skill to activate in ordinary conversation without deliberate intent. Because this skill performs multi-step file reads/writes and may invoke subagents or project workflows, accidental activation can lead to unintended workspace modifications or unnecessary agent actions.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
This section hard-codes a binary gendered framing ('男频/女频') and prescribes different relationship norms, reader expectations, and character treatment without offering neutral alternatives or asking the user which audience they want. In a writing-assistant skill, this can steer outputs toward stereotyped or exclusionary content, reducing user agency and causing biased or mismatched generation for users outside those assumptions.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The file establishes Chinese writing and formatting conventions as the default output behavior unless the user or platform explicitly overrides them. In an agent skill, this can cause the assistant to ignore or override the user’s expected language/output preferences, creating prompt-scope drift and reducing reliability, though it is primarily a quality and policy-control issue rather than a direct security exploit.

Missing User Warnings

Low
Confidence: 92%
Finding
The workflow directs file-writing behavior without any explicit warning, confirmation step, or disclosure that local files will be modified. This creates a safety and transparency issue because users may reasonably expect a writing assistant to draft text, not silently alter files on disk.

VirusTotal

64/64 vendors flagged this skill as clean.