Security audit

塔勒布.skill - Antifragile Thinking Operating System

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Taleb-style analysis skill, but it should be reviewed because it tells the assistant to speak as the real person after only limited disclosure.

Install only if you want a clearly fictional, Taleb-inspired critique style. Treat outputs as stylized analysis, not statements from Nassim Nicholas Taleb or professional advice, especially for finance, medicine, law, or business decisions. Use the documented exit phrases when you want normal assistant behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The skill explicitly biases output toward Chinese style and phrasing without stating that the user can choose another language. This is not a classic security exploit, but it is a real safety/usability issue because it can override user expectations, reduce clarity, and increase the chance of misleading or inaccessible responses for users operating in another language.

Missing User Warnings

Low
Confidence: 95%
Finding
The roleplay rules instruct the agent to respond with high certainty, confrontation, and direct insults while suppressing meta-analysis and limiting disclaimers. In context, this can normalize abusive behavior, discourage corrective framing, and cause the assistant to produce harmful or escalatory responses that users may mistake for endorsed guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.