ClawHub

Knowledge Card Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to make image or knowledge cards, but it includes instructions that could bypass safety or copyright limits and publish generated images publicly without clear consent.

Review this skill carefully before installing. It may be useful for generating visual cards, but only use it with non-sensitive content unless you are comfortable with generated images being uploaded to a public CDN, and do not rely on its substitute-generation guidance for people, copyrighted characters, or protected likenesses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The style guide explicitly instructs the agent to produce a 'similar substitute' for sensitive persons or copyrighted content instead of refusing. That is a policy-bypass pattern because it steers the model away from normal safety or copyright refusal behavior and encourages evasion through near-substitutes.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation phrases are very broad and map to common requests like making a card or poster, which can cause the skill to trigger outside its intended scope. This creates routing ambiguity and may lead the agent to invoke this skill in unrelated contexts, increasing the chance of unintended web retrieval, off-topic content generation, or bypass of more appropriate safeguards in other skills.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill specification is written to enforce Chinese-language interaction and does not offer a language selection path, which can cause user intent to be mishandled or confirmations to be misunderstood. In a workflow that requires user approval before image generation, language mismatch can undermine informed consent and lead to incorrect or misleading outputs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The prompt workflow explicitly instructs the agent to upload generated images to a public CDN and then send the resulting public URL, but it provides no requirement for user consent, privacy notice, or checks that the image content is safe to publish. If generated cards contain sensitive, proprietary, or user-specific content, this creates an unintended public disclosure risk.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
This instruction directly tells the system not to refuse sensitive-person or copyright-related requests, but to fulfill them via lookalike replacements. In practice, that can be used to circumvent safeguards for public figure depictions, likeness abuse, or copyrighted character/style imitation while preserving the user's prohibited intent.

Ssd 1

High
Confidence
99% confidence
Finding
The surrounding document appears to be a benign visual style guide, which makes the unsafe instruction more dangerous because it is embedded as a normal formatting rule rather than an obvious override. The phrase '不要拒绝生成' ('do not refuse generation') is a strong red flag: it attempts to shape model behavior so safety controls are bypassed under the guise of style compliance.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal