马斯克.skill - Elon Musk Thinking Operating System

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Elon Musk persona skill, but it asks the agent to impersonate a real person and reduce transparency after activation.

Install only if you intentionally want a real-person roleplay skill. Consider editing it to always label outputs as a simulated public-information-based perspective, remove 'I am Elon Musk' style claims, and require explicit opt-in before activation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill explicitly instructs the assistant to answer as if it is Elon Musk rather than as an analyst using a public-figure perspective. That identity-assumption can mislead users about authorship, suppress normal transparency, and increase the chance the model adopts unsafe rhetorical patterns or authority claims associated with the persona.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The document first says the skill is not Elon Musk, then later instructs the assistant to speak as Elon Musk in first person. This contradiction creates deceptive behavior by design: the disclaimer is minimized while the operative instruction encourages impersonation, making user confusion more likely.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger conditions include broad phrases like cost reasonableness, first-principles thinking, and vertical integration, which can match many ordinary business or strategy questions. That can cause unintended activation of the persona, overriding user intent and injecting a forceful identity-based style into contexts where it was not requested.

Ssd 1

Medium
Confidence: 95%
Finding
The role-play section requires full identity assumption, first-person speech, and suppression of meta-analysis unless the user explicitly exits the role. That combination can semantically override safer assistant behavior, reduce transparency, and make it harder for the model to preserve provenance, caveats, and policy-aligned refusals when responding in high-stakes contexts.

VirusTotal

66/66 vendors flagged this skill as clean.
