PRD-Writer

Security checks across malware telemetry and agentic risk

Overview

This PRD-writing skill is coherent and purpose-aligned, with minor cautions around broad triggers and a diagram HTML file that loads Mermaid from a CDN.

Install this if you want an agent to help draft or refine PRDs. Be aware that generated HTML chart attachments may contact jsDelivr and run Mermaid JavaScript when opened, so use caution with sensitive/offline environments. Also expect generic PRD or requirements-document prompts to activate this workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The HTML attachment is described as viewable 'without network', but it loads Mermaid from a remote jsDelivr CDN. This creates a supply-chain and privacy risk because opening the file can trigger external network access and execute third-party JavaScript, contrary to the stated behavior. In this skill context, the risk is moderate rather than critical because the HTML is an optional artifact for diagram rendering, but it could still surprise users and violate offline/security expectations.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The trigger list is unusually broad and includes many generic phrases such as '需求文档' ("requirements document") and '生成PRD' ("generate PRD"), which can cause the skill to activate in contexts where the user did not explicitly intend to invoke it. In an agent environment, overly permissive activation increases the chance of accidental takeover of unrelated conversations or unintended document generation workflows.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The trigger list contains broad phrases such as generic PRD and product-document requests that may activate the skill for loosely related user prompts. Over-broad activation can cause unintended capability invocation, unexpected file/tool use, and reduced user control over when this workflow runs. The skill is not inherently dangerous, so the impact is low, but the ambiguity increases the chance of inappropriate activation.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: Allowing invocation via an ambiguous 'direct request' path without defining boundaries makes skill activation underspecified. This can lead to the skill engaging in contexts where the user did not clearly intend to invoke it, especially when combined with generic triggers. In this document-writing context the harm is limited, but it is still a real control-plane weakness around authorization and predictability.

VirusTotal

65/65 vendors flagged this skill as clean.