自然语言转JSON参数 (Natural language to JSON parameters)

Security checks across malware telemetry and agentic risk

Overview

This is a template-based natural-language-to-JSON skill with disclosed context reuse and no code execution, network access, credential handling, or hidden persistence.

Install this only if you want short follow-ups such as "top20" or "最近三天呢" ("what about the last three days?") to reuse the previous JSON query. Review the generated JSON before using it downstream, especially when earlier prompts involved sensitive topics or when you are starting an unrelated request.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The skill's trigger description is extremely broad, covering generic requests like '转成JSON' ("convert to JSON") or '用JSON格式输出' ("output in JSON format"), which can cause the agent to invoke this skill for ordinary formatting requests outside its intended scope. That creates prompt-routing risk: user requests containing unrelated sensitive content may be pulled into this skill's extraction and templating flow, potentially transforming or exposing data in unintended ways.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The example trigger phrases are vague and unconstrained, reinforcing activation on common requests like '输出成JSON' ("output as JSON") or '返回JSON格式' ("return in JSON format"). In skill-routing systems, such broad examples increase accidental invocation and can override more appropriate skills or capture user inputs that were never meant for persistent parameter extraction.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The eval prompt uses a broad natural-language trigger phrase ("识别成JSON", "recognize as JSON") that overlaps with ordinary user requests, which can cause the skill to activate in unintended contexts. In an agent environment, overly generic routing phrases increase the chance of mis-invocation, leading to incorrect handling of user input, unexpected data transformation, or bypass of more appropriate skills.
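The three trigger findings above describe the same over-capture mechanism: a trigger keyed only on "JSON" fires on any formatting request, including one carrying unrelated sensitive content. The example below is added here to illustrate that mechanism; it is not the skill's own routing logic or NVIDIA's scanner code. The `Skill` class, the `intent_words` gate, the English trigger phrases and the sample requests are all constructed for the demonstration.

```python
"""Added example: a broad trigger set versus one scoped to query-parameter intent.

Illustrative routing code written for this page; not the skill's own logic.
Trigger phrases, intent words and sample requests are constructed here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Skill:
    name: str
    # Phrases that activate the skill (from the finding, plus assumed English variants).
    triggers: tuple
    # If non-empty, at least one of these must also appear in the request.
    # This is the scoping gate the broad trigger lacks.
    intent_words: tuple = ()

    def matches(self, request: str) -> bool:
        text = request.lower()
        if not any(t.lower() in text for t in self.triggers):
            return False
        if self.intent_words and not any(w.lower() in text for w in self.intent_words):
            return False
        return True


TRIGGER_PHRASES = (
    "转成JSON", "用JSON格式输出", "输出成JSON", "返回JSON格式", "识别成JSON",
    "in JSON format", "as JSON",  # assumed English equivalents
)

# Fires on any request that merely mentions JSON output.
BROAD = Skill("nl2json-broad", TRIGGER_PHRASES)

# Additionally requires that the request is about building query parameters.
SCOPED = Skill(
    "nl2json-scoped",
    TRIGGER_PHRASES,
    intent_words=("查询参数", "检索条件", "query parameters", "filter"),
)

# Constructed sample requests. The second is an ordinary formatting request
# that carries health data; a query-parameter skill has no business seeing it.
REQUESTS = [
    "把这句话识别成JSON查询参数：最近三天恶意样本top20",
    "把这份体检报告转成JSON",
    "return the config in JSON format",
]


def route(skill: Skill, requests) -> list:
    """Return the subset of requests this skill would be invoked for."""
    return [r for r in requests if skill.matches(r)]


if __name__ == "__main__":
    for skill in (BROAD, SCOPED):
        print(skill.name, "captures", route(skill, REQUESTS))
```

The broad skill captures all three requests, including the medical record and an unrelated config dump; the scoped one captures only the request that actually asks for query parameters. The gate is deliberately simple: the point is that the trigger needs a positive signal about the task, not just the output format.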

Ssd 3

Severity: Medium
Confidence: 96%
Finding: The skill explicitly instructs the agent to remember and reuse prior parameters across turns, including inheriting the previous `other` object when later input is partial. This creates a clear cross-turn data leakage risk: sensitive entities, topics, filters, or time ranges from an earlier request may silently appear in later outputs when the user gives a short follow-up like '最近三天呢' ("what about the last three days?"), even if the follow-up is ambiguous or comes from a different conversational context.
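To make the inheritance concrete, the example below is added here as an illustration; it is not the skill's templating code. It assumes a query shape of `keyword`/`time_range`/`limit`/`other` and a tiny follow-up grammar (`topN`, `最近N天`, `区域改成XX`), both constructed for the demonstration. The merge does what the finding describes (a partial follow-up inherits everything it does not restate, the nested `other` object included) but also returns the list of inherited keys, so a caller can show them to the user or refuse to run the query rather than let them pass silently. A follow-up that matches nothing is treated as a fresh request and inherits nothing.

```python
"""Added example: cross-turn reuse of a JSON query with inherited fields made visible.

Illustrative code for this page, not the skill's own logic. The query shape,
the follow-up grammar and the previous-turn sample are constructed here.
"""
import copy
import re
from dataclasses import dataclass

CN_DIGITS = {c: i for i, c in enumerate("零一二三四五六七八九")}


def to_int(s: str) -> int:
    """Parse ASCII digits or simple Chinese numerals (三, 十, 十五, 二十, 二十三)."""
    if s.isdigit():
        return int(s)
    if "十" in s:
        tens, _, ones = s.partition("十")
        return (CN_DIGITS[tens] if tens else 1) * 10 + (CN_DIGITS[ones] if ones else 0)
    return CN_DIGITS[s]


def parse_followup(text: str) -> dict:
    """Extract only what a short follow-up states explicitly (assumed grammar)."""
    partial: dict = {}
    m = re.search(r"top\s*(\d+)", text, re.I)
    if m:
        partial["limit"] = int(m.group(1))
    m = re.search(r"最近([\d一二三四五六七八九十]+)天", text)
    if m:
        partial["time_range"] = {"last_days": to_int(m.group(1))}
    m = re.search(r"区域改成\s*([A-Za-z]+)", text)
    if m:
        partial.setdefault("other", {})["region"] = m.group(1).upper()
    return partial


@dataclass
class MergeResult:
    query: dict
    inherited: list  # keys (dotted for nested `other`) carried over from the previous turn


def merge_with_previous(previous: dict, partial: dict) -> MergeResult:
    """Partial overrides previous; everything not restated is inherited and reported."""
    merged = copy.deepcopy(previous)
    inherited = []
    for key, prev_val in previous.items():
        if key not in partial:
            inherited.append(key)
        elif key == "other" and isinstance(prev_val, dict) and isinstance(partial[key], dict):
            merged[key] = {**prev_val, **partial[key]}  # inherit untouched sub-fields
            inherited += [f"other.{k}" for k in prev_val if k not in partial[key]]
        else:
            merged[key] = partial[key]
    for key, val in partial.items():
        if key not in previous:
            merged[key] = val
    return MergeResult(merged, inherited)


def next_query(previous, followup_text: str) -> MergeResult:
    """Reuse the previous query only when the follow-up is recognisably partial."""
    partial = parse_followup(followup_text)
    if not partial or previous is None:
        # Unrelated or first request: start clean, carry nothing across.
        return MergeResult({}, [])
    return merge_with_previous(previous, partial)


# Constructed: what an earlier turn produced. `other` holds filters the user
# may no longer have in mind when typing a three-character follow-up.
PREVIOUS = {
    "keyword": "Emotet",
    "time_range": {"last_days": 7},
    "limit": 10,
    "other": {"region": "CN", "severity": "high"},
}

if __name__ == "__main__":
    for text in ("最近三天呢", "top20", "区域改成us", "帮我写一封邮件"):
        r = next_query(PREVIOUS, text)
        print(repr(text), "->", r.query, "inherited:", r.inherited)
```

For "最近三天呢" the output keeps the previous keyword, limit and the whole `other` object, and reports exactly those as inherited; for "区域改成us" the region is replaced but `other.severity` is still carried over, which is the silent-inheritance case the finding warns about. The unrelated "帮我写一封邮件" ("help me write an email") yields an empty query, which is the behaviour to want when the agent mis-routes a new topic into this skill.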

VirusTotal

63/63 vendors flagged this skill as clean.
