ClawHub

多科学透视

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese multidisciplinary analysis skill with no executable behavior, but users should be careful about any file paths or sensitive text they ask it to analyze.

Install this if you want a Chinese-language helper for cross-disciplinary idea analysis. Only paste text or provide file paths that you intend the agent to read, and avoid secrets, credentials, private system files, regulated data, or unrelated personal documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill’s activation criteria are phrased very broadly, including generic requests like multidimensional analysis, brainstorming, or deep article writing. This can cause the skill to be invoked in contexts the user did not explicitly intend, increasing the chance that unrelated sensitive content is processed under this workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly allows users to provide a file path for the AI to read, but it does not define any access boundaries, validation rules, or privacy warnings. In an agent environment, this can lead to unintended access to sensitive local files, secrets, or unrelated user data if a path is supplied or inferred unsafely.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The file content is entirely in Chinese and presents the analysis framework, prompts, and guidance only in Chinese, without any indication that users can choose another language. This can exclude or mislead users who are not Chinese-speaking, causing accessibility and usability issues; however, it does not introduce direct code execution or data exfiltration risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal