ClawHub

技能名称生成器

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only naming helper with some broad and bilingual output preferences, but no code, secrets access, persistence, or external actions.

Safe to install for help naming skills. Be aware it may activate on broad naming requests and may return both Chinese and English even when only one language is wanted; also review the unrelated crypto/purchase metadata tags if your environment uses tags for routing or trust decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions include broad phrases such as asking for help naming something, which can cause the skill to activate in conversations that are not specifically about naming a Skill. Over-broad invocation can hijack user intent, produce irrelevant outputs, and interfere with higher-priority or more appropriate skills, making the agent less predictable and easier to steer unintentionally.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The skill description establishes a Chinese-focused behavior without presenting language choice or a documented locale constraint. In a multi-user or multilingual agent environment, hard-coded language behavior can override user preference and create policy/compliance issues around accessibility, user intent fidelity, and unexpected disclosure in the wrong language.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
These output requirements mandate Chinese names as a required part of every response regardless of what the user asked for. This reduces user control and can cause the agent to violate language preference, produce unnecessary multilingual content, or mishandle requests in contexts where only one language is appropriate.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The mandatory final rules explicitly require bilingual Chinese-and-English output with no user choice, reinforcing the same language-policy issue at the enforcement layer of the skill. Because this is framed as a hard requirement, it is more likely to override system behavior and consistently produce outputs misaligned with user intent or organizational policy.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal