Security audit

sdd-requirements-normalizer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for turning product ideas into SDD requirement documents, with no code execution, credentials, network access, or persistence.

Safe to install for drafting SDD-style requirements. Specify your preferred output language if you do not want Chinese, and review generated assumptions before using the document for design or implementation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The template hard-codes Chinese as the default output language ('默认使用中文输出', i.e. "output in Chinese by default"), which can override or bias the agent away from the user's preferred language if no explicit language negotiation occurs. This is a prompt-quality and user-alignment issue rather than a classic exploit, but it can cause incorrect or inaccessible outputs and may be abused to ignore user expectations in multilingual contexts.

VirusTotal

63/63 vendors flagged this skill as clean.