ClawHub

AI创业MVP快造工厂

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a startup/MVP workflow helper with broad activation terms, but the available evidence does not show hidden, destructive, credential, or persistence behavior.

Before installing, confirm you want a workflow skill that may activate on general创业, MVP, 从0到1, or 产品构思 conversations. Review generated plans and outputs before acting on them, especially if the workflow later connects to tools that publish, render, or perform market research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list is broad and includes generic创业/产品-related phrases, which can cause the skill to activate in contexts where the user did not intend to launch an automated MVP-building workflow. Unintended invocation can expose user prompts to unnecessary downstream skills, trigger excessive automation, and create confusion or unsafe actions if chained tools perform searches, code generation, or project orchestration automatically.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes broad terms such as '创业', 'MVP', '从0到1', and '产品构思' that are likely to appear in ordinary discussions, increasing the chance that the skill activates when the user did not intend to invoke it. In an automation workflow that chains planning, content generation, rendering, and market analysis, unintended activation can cause inappropriate data processing, confusing outputs, or downstream actions based on incidental conversation context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal