ClawHub

第一性原理思维框架,基于 SACL 方法论。帮助你在资源有限时,通过剥离层-基元化-约束映射-杠杆重构,找到破局点和不对称优势。

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only problem-solving framework with broad trigger wording but no code, permissions, credentials, or hidden system access.

Reasonable to install as a thinking aid. Users should be aware it may activate for broad planning or problem-solving prompts, and any suggested tactics involving public platforms or scraping should be checked against platform rules and normal legal/ethical constraints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The invocation description is broad enough to match many ordinary requests about problem-solving, bottlenecks, or limited resources, which can cause this skill to activate outside its intended niche. Over-broad activation increases prompt-surface area and can override more appropriate domain-specific skills, leading to irrelevant guidance, degraded safety routing, or accidental use in sensitive contexts where a generic reasoning framework is insufficient.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Several trigger examples are common, everyday requests such as breaking down a complex problem or finding leverage points, so they are likely to match normal conversations that do not specifically require this skill. This can cause unintended activation, misrouting user requests away from better-suited skills, and in edge cases introduce advice patterns not appropriate for high-risk domains because the examples are framed too generically.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal