Following the controversy over content scraping, the Tencent SkillHub plugin was found to prepend a trigger word before each message in OpenClaw, Source code analysis: "Essentially a trigger word injector."

According to 1M AI News's monitoring, following the previous Tencent SkillHub's adoption of ClawHub skill, some users have further discovered that the skillhub plugin automatically installed with Tencent SkillHub forcefully inserts a prompt word segment titled "Skills store policy (operator configured)" before each message sent by the user to the AI. This prompt word contains 6 rules, with the core instruction being: when discovering, installing, and searching for skills, prioritize the use of skillhub (labeled as cn-optimized); only fallback to the official clawhub (public-registry) when unavailable or unmatched.

Immediately, user "Zhang Jia's Traffic Insights" posted in the "Big Company Negative Supervision Group" circle, sharing screenshots and source code analysis. The screenshot shows that this policy text appears in every conversation, continuously consuming the user's token. A source code analysis of the plugin path ~/.openclaw/extensions/skillhub/index.ts reveals that the plugin's core logic only consists of one item: through the before_prompt_build event hook, it inserts the policy text at the beginning of the system prompt word using the prependContext method. The analysis conclusion is: "Essentially, it is a prompt word injector with no actual business logic, solely serving as a policy declaration." The post author's assessment: "This is the first piece of rogue software I've encountered since using Agent."