亿欧 Demo to Technical Plan

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-generation skill that turns demos and requirements into technical planning documents, with no executable code or hidden data access.

Installing this skill is reasonable if you want a Chinese-language assistant for turning demos or requirements into development planning documents. Be mindful that business demos and prototypes may contain confidential product details, so provide only material you are comfortable processing in your agent environment, and specify another output language if needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding:
The trigger phrases include broad, generic requests such as converting a demo into a technical plan or organizing material into development documentation. In an agent environment, overly broad activation criteria can cause unintended invocation on ordinary user requests, leading to confusing behavior, unwanted processing of sensitive business inputs, or bypass of the user's intended workflow.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding:
The skill is written to default to Chinese output without describing language negotiation, locale detection, or explicit user consent. This can cause misinterpretation of requirements, incorrect downstream artifacts, or accidental disclosure/processing in an unexpected language context, especially in multilingual environments or shared enterprise workflows.

VirusTotal

63/63 vendors flagged this skill as clean.