Back to skill

Security audit

Nuwa 女娲

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill for researching public information and generating persona-style perspective skills, with transparency and activation cautions but no hidden execution, credential access, exfiltration, or destructive behavior found.

Use this only for deliberate research on public figures or clearly appropriate topics. Review the generated research and SKILL.md before enabling it, keep a visible “simulated perspective, not the real person” label, narrow broad triggers, and avoid using generated personas for regulated advice or for actions involving money, accounts, purchases, or private personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The template explicitly instructs generated skills to impersonate a real person in first person and to minimize disclosure after the first activation. That creates a sustained deception pattern: users may reasonably believe they are getting authoritative statements from the person rather than a simulation, which increases risk of misleading advice, fabricated positions, and social-engineering style trust abuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README describes six parallel agents collecting books, podcasts, social media, critic views, decision records, and timelines about any named person, but it does not clearly warn users about the breadth of profiling and external data collection involved. In this skill's context, that increases risk of privacy-invasive use, unexpected data gathering, and creation of persuasive impersonation-style artifacts about real individuals without informed user consent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger set is broad enough that ordinary conversation about creating a skill, distilling a person, or discussing a person's thinking framework could unintentionally invoke this skill. In this context, unintended activation is risky because the skill initiates multi-agent research, file creation, and downstream synthesis steps that may consume resources or act on sensitive subjects without clear user intent.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger section explicitly allows activation on generic phrases like cost reasonableness, first-principles thinking, or speed/process questions, which are common in normal conversations and do not reliably indicate informed user intent to enter a persona mode. That can cause unintended activation of the skill and silently shift the assistant into a strong roleplay/persuasive framing, increasing the chance of misleading responses or policy/style bypass through accidental invocation.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The skill instructs the assistant to respond directly as Elon Musk, avoid meta-analysis, and minimize disclaimers after first activation, which reduces transparency and makes it harder for users to distinguish simulation from normal assistant behavior. In context, this is more dangerous because the persona is framed as authoritative and applicable to broad decision-making, so users may receive persuasive advice under an implied identity without ongoing clear consent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions include very broad natural phrases like 'switch to X' or 'help me think from X's angle,' which can easily appear in ordinary conversation without the user intending to invoke a high-impact persona mode. Unintended activation is especially risky here because the activated mode changes identity, tone, and disclosure behavior, potentially causing covert mode-switching and user confusion.

Self-Modification

High
Category
Rogue Agent
Content
1. Read existing SKILL.md, note last research date
2. Only launch Agent 2 (latest conversations) + Agent 5 (latest decisions) + Agent 6 (timeline update)
3. Compare new info with existing content — strengthen, update, or add
4. Update SKILL.md incrementally, don't rewrite entirely

---
Confidence
95% confidence
Finding
Update SKILL

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.