ClawHub

camera-recommendation

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed camera-shopping recommendation skill with no evidence of hidden execution, credential access, persistence, or destructive behavior.

Install this if you want a China-mainland-oriented camera recommendation assistant. Verify prices, availability, seller recommendations, and warranty terms with official or authorized retailers before buying, and be aware that broad camera-shopping phrases may invoke the skill automatically in platforms that use loose trigger matching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example trigger phrases are ordinary user requests like '推荐相机' and '我想买相机,预算1万左右', which are highly likely to appear in normal conversation. If the platform activates skills through loose keyword or phrase matching, this can cause unintended invocation, exposing user context to the skill and producing responses when the user did not explicitly choose this extension.

Vague Triggers

Low
Confidence
67% confidence
Finding
The installation guide tells users to verify loading by trying broad trigger wording, but it does not define what exact phrases, prefixes, or activation rules are required. This ambiguity increases the chance that the skill is configured with permissive matching, leading to accidental activation and unpredictable routing of ordinary chat messages.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases include very generic terms like '买相机', '选相机', and 'camera recommendation', which can fire during ordinary shopping or casual discussion rather than an explicit request to invoke this skill. Over-broad activation can cause unintended skill execution, leading to irrelevant or unsolicited recommendations and increasing the chance of prompt-routing mistakes in multi-skill environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal