ClawHub

chinacrive commercial claims ai

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chinese commercial auto insurance claims helper; it lists sensitive claim documents but does not collect, transmit, execute, or persist anything.

Install only as an informational claims checklist and verify current requirements with the insurer or a qualified professional. Do not paste full ID numbers, bank details, medical records, or third-party documents into an agent unless the environment is trusted and sharing the information is necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document enumerates a broad set of highly sensitive personal, medical, legal, and financial documents, including身份证、银行账户信息、医疗材料、死亡证明等, but provides no privacy, minimization, retention, masking, or secure transmission guidance. In a claims-assistance skill, this can normalize over-collection or unsafe sharing of personal data through channels like messaging apps or courier, increasing the risk of privacy violations, identity theft, and noncompliance with data-protection obligations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal