算法带教模式 (Algorithm tutoring mode) - guides the user step by step through learning an algorithm instead of giving the answer directly

Security checks across malware telemetry and agentic risk

Overview

This is a coherent algorithm-tutoring skill that creates learning notes and solution files as part of its stated workflow. The scan found no signs of credential use, hidden execution, or access unrelated to that workflow.

Use this skill in a dedicated algorithm-practice folder. Before the summary step, ask the agent to show the exact paths it plans to create or update and to confirm before overwriting existing progress.md or solution files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the agent to generate documents and code files as part of the normal workflow, but it does not require explicit user consent or a warning before modifying the workspace. This can lead to unexpected file creation or overwriting, especially in repositories where generated files may be committed or affect later automation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workflow explicitly tells the agent to update progress.md and to generate solution and documentation files, yet it does not mention notifying the user about workspace changes or obtaining approval. In an agent setting this is risky: silent writes can alter project state, overwrite existing content, or create misleading artifacts without the user's awareness.
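One way to implement the check recommended in the overview (show the exact paths before writing, confirm before overwriting progress.md or solution files) and to address both findings above, as an added example that is not part of the skill or of SkillSpector's output: a small write guard in Python. Every requested path is resolved (following `..` and symlinks) and must land inside one dedicated practice folder, new files are separated from overwrites, and an overwrite only happens after explicit approval. The function names `plan_writes`, `describe`, `apply_plan` and `demo`, the folder layout and the requested paths are assumptions constructed for the example.

```python
"""Workspace write guard for an agent skill that writes notes and solution files.

Added example (not the skill's own code): the agent must present a plan of paths
before writing, every path must resolve inside one dedicated practice folder, and
an existing file is only overwritten after explicit approval.  All names and the
folder layout below are assumptions made for the example.
"""
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class WritePlan:
    """Resolved targets, grouped by what the write would do, for the user to review."""
    creates: list[Path] = field(default_factory=list)
    overwrites: list[Path] = field(default_factory=list)
    rejected: dict[str, str] = field(default_factory=dict)  # requested path -> reason


def plan_writes(root: Path, requested: list[str]) -> WritePlan:
    """Classify each requested path; nothing is written here."""
    root = root.resolve()
    plan = WritePlan()
    for req in requested:
        p = Path(req)
        if p.is_absolute():
            plan.rejected[req] = "absolute path; only paths inside the practice folder are allowed"
            continue
        # Resolve '..' and symlinks first so the containment check runs on the
        # real target, not on the string the agent supplied.
        target = (root / p).resolve()
        if target == root or not target.is_relative_to(root):
            plan.rejected[req] = "escapes the practice folder"
        elif target.is_dir():
            plan.rejected[req] = "target is a directory"
        elif target.exists():
            plan.overwrites.append(target)  # needs explicit approval
        else:
            plan.creates.append(target)
    return plan


def describe(plan: WritePlan, root: Path) -> str:
    """Human-readable plan the agent shows before the summary step."""
    root = root.resolve()
    lines = [f"create: {t.relative_to(root)}" for t in plan.creates]
    lines += [f"OVERWRITE (approve?): {t.relative_to(root)}" for t in plan.overwrites]
    lines += [f"rejected: {req} ({why})" for req, why in plan.rejected.items()]
    return "\n".join(lines)


def apply_plan(plan: WritePlan, contents: dict[Path, str],
               approved_overwrites: set[Path]) -> tuple[list[Path], list[Path]]:
    """Write new files and approved overwrites only. Returns (written, skipped)."""
    written, skipped = [], []
    for target in plan.creates:
        target.parent.mkdir(parents=True, exist_ok=True)
        try:
            # 'x' = exclusive create: if the file appeared after planning, refuse
            # rather than silently overwrite it.
            with open(target, "x", encoding="utf-8") as fh:
                fh.write(contents.get(target, ""))
            written.append(target)
        except FileExistsError:
            skipped.append(target)
    for target in plan.overwrites:
        if target in approved_overwrites:
            target.write_text(contents.get(target, ""), encoding="utf-8")
            written.append(target)
        else:
            skipped.append(target)  # caller reports this to the user
    return written, skipped


def demo() -> dict:
    """Constructed workspace: an existing progress.md and a symlink that escapes."""
    base = Path(tempfile.mkdtemp())
    practice = base / "algo-practice"
    practice.mkdir()
    (practice / "progress.md").write_text("# day 1\n", encoding="utf-8")
    (base / "elsewhere").mkdir()
    os.symlink(base / "elsewhere", practice / "link")

    requested = [
        "progress.md",               # exists -> overwrite, needs approval
        "two-sum/solution.py",       # new file inside the folder
        "../elsewhere/notes.md",     # '..' escape
        "link/notes.md",             # symlink escape
        str(base / "outside.md"),    # absolute path
    ]
    plan = plan_writes(practice, requested)
    contents = {t: "# scaffold, fill in step by step\n" for t in plan.creates}
    # The user approved nothing, so progress.md must survive untouched.
    written, skipped = apply_plan(plan, contents, approved_overwrites=set())
    root = practice.resolve()
    return {
        "plan": plan,
        "report": describe(plan, practice),
        "written": sorted(str(p.relative_to(root)) for p in written),
        "skipped": sorted(str(p.relative_to(root)) for p in skipped),
        "progress_md": (practice / "progress.md").read_text(encoding="utf-8"),
    }


if __name__ == "__main__":
    print(demo()["report"])
```

The guard deliberately treats an unapproved overwrite as a skip that is reported back, not as an error the agent might retry around, and uses exclusive create for new files so a file that appears between planning and writing is never clobbered.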

VirusTotal

65/65 vendors reported this skill as clean (no detections). A clean antivirus result covers only the skill's file contents; it says nothing about the agentic risks listed above.
