ClawHub

历史学通用史料检索工具,调用公司内部秘塔学术工具,自动搜集正史、档案、方志、学术文献,规范标注出处

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only history source collection skill with no executable code, persistence, or hidden data handling.

Install only if you have approved access to the referenced internal academic search tool. Do not paste private API keys into prompts, and verify original sources, quotations, and GB/T 7714 citations before using the output in teaching, coursework, or publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly states that outputs can be used directly for teaching, coursework, and academic research, but it does not warn users that AI-assisted retrieval, citation formatting, and source characterization may still contain errors or omissions. In an academic-use context, this can encourage overreliance on unverified output, leading to inaccurate citations, misuse of sources, or integrity issues in coursework and research.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal