ClawHub

University Applications

Security checks across malware telemetry and agentic risk

Overview

This prompt-only admissions helper has no executable payload, but it needs review because it asks for unrelated high-impact capabilities and its own outputs conflict with its official, complete-coverage claims.

Install only if you will treat it as a prompt/template helper, not an authoritative admissions source. Do not grant purchase or crypto-related permissions for this admissions workflow, confirm before it writes report files, and verify every fee, deadline, requirement, and program list directly on the linked official university pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The template hard-codes '9 universities' in visible UI elements while the skill metadata promises coverage of all 22 Hong Kong universities. This creates a data integrity issue: users may be misled about completeness, and downstream decisions based on the exported admissions dataset could be materially wrong.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The template hard-codes coverage as '9 universities', which conflicts with the skill's declared scope of 22 Hong Kong institutions. This can cause the agent to omit private or additional public institutions and produce incomplete admissions guidance while still presenting it as comprehensive and official-sourced.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The executive summary explicitly states 'Total Universities | 9', directly contradicting the advertised 22-institution coverage. This creates a structured, user-visible misrepresentation that can mislead applicants into believing the dataset is complete when nearly half the intended scope may be missing.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The placeholder indicating only universities 2-9 follow the same format reinforces a nine-university document structure, embedding scope reduction into the template itself. In this skill context, that is dangerous because the output is intended as a comprehensive admissions reference based only on official sources, so omissions undermine both completeness and trustworthiness.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The template hard-codes '9 Universities' in multiple visible output sections, which directly conflicts with the skill's stated scope of 22 Hong Kong institutions. This can mislead users into believing the generated report is complete when it omits institutions, creating an integrity problem in a decision-support document about admissions.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The page asserts comprehensive coverage of all 22 Hong Kong institutions, but the embedded content does not support that claim and separately excludes several schools as having no master's programs. In an admissions-information skill, this is dangerous because users may rely on the output as complete and official, causing omission of valid options, missed deadlines, or incorrect downstream documents in Excel/PDF/Word exports.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The document claims the data source is university official websites, but the disclaimer later states the content is based on AI training data rather than live official collection. This creates a material integrity issue: users may rely on inaccurate tuition, deadline, and admissions requirements while believing the information is officially sourced and current.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill description promises collection of admissions information for all Hong Kong universities' master's programs, but the output explicitly says it includes only representative programs. This mismatch can mislead users into believing the dataset is exhaustive, causing omissions of relevant programs, deadlines, or requirements during decision-making.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The disclaimer states the information was collected from AI training data rather than from current official university websites, which directly contradicts the skill's stated requirement to use only official sources. This can mislead users into trusting stale or hallucinated admissions data, causing incorrect application decisions, missed deadlines, or financial harm.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file declares `https://registry.hsu.edu.hk/` as an official admissions source, but the later validation rule says all URLs must match `https://*.hsu.edu.hk/**`, which excludes the bare apex domain `hsu.edu.hk` and creates an inconsistent trust policy. This can cause the agent to reject legitimate official sources, omit required admissions data, or mis-handle URL filtering logic in downstream automation.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The phrase 'or similar instructions' creates an overly broad activation boundary, so the skill may run a full collection workflow for loosely related user requests without clear confirmation. In an agent setting, ambiguous triggers can cause unintended large-scale browsing, data collection, and downstream file generation, especially when paired with multi-step autonomous workflows.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill instructs the agent to generate and save multiple output files but does not clearly disclose that these writes occur in the local working directory. This can lead to unintended filesystem side effects, overwriting existing files, or silently leaving artifacts containing scraped data, which is risky in automated or shared execution environments.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger mapping includes extremely broad activation terms such as "all" and "everything," which can match ordinary user language unrelated to format conversion. In an agent workflow, this can cause accidental invocation of multi-format generation, leading to unexpected actions, excess output, and possible chaining into other workflow steps such as data collection when the user did not clearly request them.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal