Story Short Write

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese short-story writing skill whose file reads, file writes, optional local agents, and punctuation script are disclosed and aligned with producing a complete manuscript.

Install this if you want a Chinese web-fiction drafting workflow that creates and edits manuscript files in your workspace. Before using it in an existing project, check the target title folder and manuscript filenames so you do not overwrite drafts unintentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The workflow explicitly instructs the agent to write story content directly into project files, which expands the skill from conversational assistance into filesystem modification. In an agent environment, this can cause unintended overwrites, persistence of generated content, or writes into user workspaces without explicit per-action consent, especially if path handling is not tightly constrained.

Context-Inappropriate Capability

Medium (89% confidence)
Finding
The instruction to run a Node.js script introduces code execution behavior that is broader than normal writing assistance and can execute local repository code. If the script or environment is modified, this becomes a path to unintended command execution, dependency abuse, or side effects on user files.

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrases include very broad natural-language requests like '帮我写一篇短篇' and '写个盐言故事', which can cause accidental invocation in ordinary conversation. Unintended activation is dangerous because the skill is designed to read/write local project files and orchestrate multi-step file operations, so a casual request could unexpectedly modify workspace content or launch a more invasive workflow than the user intended.

Natural-Language Policy Violations

Medium (95% confidence)
Finding
The file includes prescriptive gender-specific rules such as prohibiting certain romantic dynamics for male-targeted fiction. In a user-facing writing skill, this can steer outputs toward biased or exclusionary content without the user's explicit request, reducing neutrality and potentially reinforcing harmful stereotypes in generated text.

Natural-Language Policy Violations

Medium (91% confidence)
Finding
The file is entirely written in Chinese and presents imperative guidance without indicating that language should adapt to the user's preference. In an agent skill, this can cause the model to default to Chinese responses even when the user did not opt in, degrading usability and potentially causing misunderstanding or exclusion for users expecting another locale.

Natural-Language Policy Violations

Medium (94% confidence)
Finding
The file content is entirely written in Chinese and presents operational guidance without offering any language fallback or user-choice mechanism. In an agent skill, this can cause incorrect routing, inaccessible output, or exclusion of users who do not read Chinese, especially if the skill is invoked in multilingual contexts.

Missing User Warnings

Medium (88% confidence)
Finding
The file-writing instructions do not clearly warn the user that the agent may create or modify files, so users may not understand the persistence and overwrite risk. Lack of disclosure increases the chance of surprising side effects, accidental data loss, or modification of project artifacts the user did not intend to change.

VirusTotal

63/63 vendors flagged this skill as clean.
