strategic-analyst-skill

Security checks across malware telemetry and agentic risk

Overview

This strategy-analysis skill is mostly coherent, but it automatically researches externally, keeps local research logs, and can generate unsafe HTML from untrusted content.

Install only if you are comfortable with external web searches and local research logs. Avoid entering confidential business plans, non-public financials, customer data, credentials, or internal strategy details; review or delete data_collection.md after use; and be cautious opening generated HTML reports from untrusted source material until the HTML escaping/sanitization issue is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium, 96% confidence

Finding
The Markdown-to-HTML pipeline injects unescaped user-controlled content directly into HTML in multiple places, including links, section titles, table cells, and paragraph content. Because raw HTML is preserved rather than sanitized, any untrusted Markdown can become active script or event-handler content in the generated report, leading to stored XSS when the HTML is opened in a browser.

Vague Triggers

Medium, 90% confidence

Finding
The trigger list is very broad and includes generic business phrases such as '市场研究', '竞争分析', and '了解XX市场', which can overlap with ordinary user requests not specifically intended to invoke this skill. This increases the chance of unintended activation, causing the agent to apply this skill's constraints, tooling assumptions, or workflow in contexts where it is not appropriate.

Vague Triggers

Medium, 88% confidence

Finding
The activation triggers are broad business phrases that can match ordinary user requests, increasing the chance the skill engages unintentionally. That can cause unplanned external research behavior or collection workflows to start without clear user intent, though this is more of an overreach/privacy issue than a severe exploit path.

Missing User Warnings

Medium, 95% confidence

Finding
The skill requires saving a persistent intermediate log containing search queries, source URLs, and raw snippets, but does not mention consent, retention limits, or redaction. If user-provided business context, confidential plans, or sensitive research topics are included in those logs, the artifact can become an unnecessary data-retention and disclosure risk.

Missing User Warnings

Medium, 94% confidence

Finding
The workflow explicitly sends research queries to external services such as Tavily or WebSearch but provides no user-facing warning that their prompts or embedded context may leave the local environment. In a strategy-analysis setting, users may submit market-entry plans, investment theses, or internal company details, making silent transmission to third parties materially risky.

Natural-Language Policy Violations

Medium, 86% confidence

Finding
The skill is written entirely in Chinese and establishes a Chinese-speaking persona without offering the user a language choice or documenting why Chinese is required. This can create accessibility and usability risks, and in multilingual environments may mis-handle user intent or exclude users who cannot evaluate the agent's output, though it is not a direct security exploit.

VirusTotal

63/63 vendors flagged this skill as clean.