ClawHub

行业分析·数字化方案

Security checks across malware telemetry and agentic risk

Overview

This is a coherent research-and-reporting skill that writes expected local analysis files, with no evidence of hidden or harmful behavior.

Install this if you want a pipeline skill that researches public vendor digital-solution information and writes a local industry report. Before running it in an existing workspace, check whether output/{industry-slug}/03-digital-solutions.md or session.json already contain work you need preserved, because the skill does not define backup or merge behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill is designed to write `output/{industry-slug}/03-digital-solutions.md` and later modify `session.json`, but the user-facing description does not clearly disclose that it performs local file writes and state changes. In an agent environment, undisclosed persistence can surprise users, overwrite prior analysis artifacts, or create auditability issues when the skill is invoked implicitly as part of a pipeline.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Standalone mode allows the skill to auto-generate a missing `session.json`, which means it can create new local state without explicit user awareness or consent. This is risky because it expands the skill from a read/transform operation into one that mutates the workspace and may seed downstream pipeline behavior based on generated state the user did not intend to create.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal