ClawHub

Private Advisor

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only Chinese philosophy-advice skill with broad sensitive-topic coverage, but no hidden code, credential access, persistence, or data exfiltration.

Install only if you want a Chinese-language reflective philosophy advisor. Treat its output as educational reflection, not medical, mental-health, legal, financial, emergency, military, or current-events authority. For severe distress, self-harm risk, legal disputes, financial decisions, or safety-critical topics, use qualified professionals or authoritative sources. The package also includes a WeChat/contact note for custom services; avoid sharing sensitive personal information off-platform.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (15)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill’s activation scope is effectively 'anything,' spanning personal dilemmas, political conflict, economics, ethics, and history without clear boundaries or gating. This increases the chance the agent will be invoked for high-stakes or regulated topics and provide authoritative-sounding advice outside safe operational limits, which can mislead users or bypass more specialized safeguards.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly covers sensitive personal and societal topics, including emotional distress, military conflict, law, and ethics, but provides no warnings, limitations, or safety framing. In this context, users may treat philosophical analysis as actionable professional guidance, creating elevated risk of harmful decisions in crisis, mental health, legal, or other high-stakes situations.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are very broad, common expressions about stress, failure, and hardship, so the skill may activate for many ordinary conversations where the user did not explicitly request philosophical guidance. In a sensitive advice-oriented skill, unintended activation can steer vulnerable users into a preset framing that may be inappropriate for their mental state, especially given some content normalizes stoicism and endurance under suffering.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is broad and includes generic phrases like '怎么办' and '未来不确定', which can match many normal conversations and cause the skill to activate outside its intended scope. In a philosophy/advice skill, unintended invocation can override more appropriate domain-specific handling and lead to misleading or ungrounded guidance in sensitive contexts such as mental health, crisis, legal, or financial discussions.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are very broad everyday expressions like '不知道怎么选' and '纠结犹豫', which can match a large range of ordinary conversations. In an agent system, this can cause unintended activation, routing users into this skill when they did not explicitly ask for philosophical decision support, leading to incorrect responses, overreach into unrelated topics, or interference with more appropriate specialized skills.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file explicitly routes users with '抑郁、低落' and related emotional distress to generalized philosophical guidance, but it provides no disclaimer that this is not professional mental-health support and no escalation path for crisis or self-harm risk. In the context of an advisory skill meant to answer real-life困惑, this omission can cause vulnerable users to rely on inadequate advice and delay seeking qualified care.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are very broad and map to common, high-level topics such as AI ethics, privacy, security, and technology tradeoffs. In an agent setting, this can cause unintended skill activation on many ordinary discussions, increasing the chance of irrelevant instruction injection into conversations and reducing routing precision.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation cues are broad, subjective, and overlap with many normal user states such as anxiety, low happiness, comparison, or asking generally about happiness. In an agent setting, this can cause the skill to trigger outside its intended scope, leading to unsolicited philosophical guidance, response hijacking from more appropriate skills, or mishandling of users who may actually need emotional support triage rather than reflective content.

Natural-Language Policy Violations

Low
Confidence
83% confidence
Finding
The file is entirely in Chinese with no language-selection logic or user opt-in, so it may be surfaced to users who do not read Chinese or did not request Chinese output. In a skill-routing context, this can degrade reliability, confuse users, and cause the system to deliver inaccessible or misaligned guidance rather than the expected language response.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file content is entirely in Chinese and does not provide any user language choice or document a justified locale restriction. This can exclude or mislead users who interact in other languages, causing degraded usability, misunderstanding of sensitive geopolitical advice, and inconsistent agent behavior across audiences.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough to activate on users expressing emptiness, confusion, or loss of meaning, which can overlap with crisis or self-harm-adjacent mental health situations. In a philosophy advice skill, this can cause the agent to respond with abstract existential content when the safer behavior would be to detect distress, clarify intent, or route to supportive crisis-aware guidance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file provides broad psychological guidance for issues such as anxiety, compulsive thinking, sleep problems, emotional instability, and relationship distress, but it does not warn users that the material is educational rather than clinical advice or direct users to professional or emergency help for severe symptoms. In an agent skill that may be used as real-world advice, users in crisis could rely on simplified self-help frameworks instead of seeking appropriate care, delaying intervention or worsening harm.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation phrases are very broad, everyday expressions such as procrastination, lack of motivation, or difficulty with self-discipline. In an agent environment, this can cause the skill to trigger unintentionally across many unrelated conversations, leading to overreach, incorrect routing, or unsolicited philosophical guidance where the user did not explicitly ask for this skill.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are very broad and can cause this reference to activate for a wide range of ordinary social, legal, and policy discussions without clear boundaries. In an agent skill, overbroad routing can lead to unintended use of opinionated normative framing in contexts that may require domain-specific legal, safety, or factual guidance, increasing the risk of misleading or inappropriate responses.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The invocation trigger is very broad, covering vague categories like career confusion, burnout, and major life decisions without defining boundaries or routing criteria. In an agent system, this can cause the skill to activate for sensitive employment, mental health, financial, or legal-adjacent situations where generic philosophical guidance may override more appropriate specialized handling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal