7-Step Requirements Breakdown Framework (7步需求拆解框架)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only planning skill that may make the agent pause and ask more clarifying questions, but it does not install code or request privileged access.

Install this if you want the agent to slow down, analyze requests, and ask for confirmation before acting. Expect more Chinese-language structure and occasional tone mismatches; avoid it if you want fast, direct answers for routine requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 91%
Finding
Examples such as '那个' and '怎么办' are ordinary conversational phrases with highly ambiguous meaning, so using them as trigger examples can cause the skill to activate far outside its intended purpose. In practice this broadens control over unrelated interactions and may degrade safety by steering benign exchanges into an unnecessary analysis workflow.

Vague Triggers

Medium
Confidence: 91%
Finding
Examples such as '那个' and '怎么办' are ordinary conversational phrases with highly ambiguous meaning, so using them as trigger examples can cause the skill to activate far outside its intended purpose. In practice this broadens control over unrelated interactions and may degrade safety by steering benign exchanges into an unnecessary analysis workflow.

Natural-Language Policy Violations

Low
Confidence: 86%
Finding
The template hard-codes the honorific '少爷' and otherwise prescribes a specific language/register without asking for the user's preference. In a skill that is meant to run broadly before many user tasks, this can cause inappropriate, culturally mismatched, or manipulative tone selection and reduce user trust or accessibility.

VirusTotal

65/65 vendors flagged this skill as clean.
