ClawHub

PG.skill - Paul Graham思维操作系统

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Paul Graham-style roleplay skill with transparency caveats but no code execution, data access, or installation behavior.

Install this only if you want a Paul Graham-inspired conversational lens. Treat the output as roleplay and framework-based advice, ask it to exit the persona when needed, and do not rely on it as genuine attribution or high-stakes professional advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
94% confidence
Finding
The trigger conditions are broad enough to activate on ordinary conversational phrases like asking for a perspective or angle, which can cause unintended persona switching without clear user consent. In a roleplay/advice skill, this increases the risk of confusing users about the assistant's mode, tone, and epistemic stance, especially when the skill instructs the model to stay in character and minimize meta-analysis.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill requires direct first-person impersonation and suppresses ongoing disclosure after the first activation, which can mislead users into believing responses are authoritative statements from Paul Graham rather than stylistic simulation. This is more dangerous in this skill's context because it is framed as a deep research-based advisor for startup, writing, product, and life decisions, making users more likely to overtrust persona-driven advice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal