mbti-from-ai

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its advertised MBTI analysis, but it broadly reads and stores past OpenClaw chats to profile the user, so it should be reviewed carefully before installation.

Install only if you are comfortable with the skill scanning broad local OpenClaw history, consolidating user messages into local plaintext files, using your configured LLM backend to analyze them, and opening a third-party visualization URL containing the derived result in the hash. Prefer running it on a reviewed subset of sessions if possible, and delete _mbti_work afterward if you do not want the extracted messages and profile retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill's high-level description frames the behavior as MBTI analysis and visualization, but the implementation materially expands scope by recursively scanning `~/.openclaw/`, aggregating conversation history, and opening an external site with derived profile data. This mismatch undermines informed consent because users may not realize the skill reads all local chat archives and exports derived personal data into a browser context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script automatically scans the user's local OpenClaw data directory and records session file paths into a workspace file, which reveals the existence and location of potentially sensitive chat history without an explicit consent prompt or prominent warning. In the context of a skill whose purpose is to analyze chat history for personality profiling, this behavior increases privacy risk because it facilitates collection of personal conversation data from default local storage.

Ssd 3

High
Confidence
98% confidence
Finding
The skill instructs the agent to collect user messages from local chat archives and submit them to the configured LLM backend for personality inference, while presenting this as privacy-safe. Aggregating private historical conversations into a single corpus materially increases exposure of sensitive data and can send far more personal information to the model provider than the user expects.

Ssd 3

High
Confidence
99% confidence
Finding
This section explicitly directs the agent to search all sessions and extract all user messages into a consolidated file. Centralizing a user's complete message history creates a high-value local dossier that increases the blast radius of accidental disclosure, overcollection, and downstream transmission to other tools or services.

Ssd 3

High
Confidence
99% confidence
Finding
The skill then reads the aggregated corpus to infer psychological traits and generate a structured profile from private conversations. Profiling sensitive personal attributes from historical chat data is intrinsically privacy-invasive, and the risk is amplified because the inference is based on broad surveillance of prior interactions rather than narrowly scoped input provided for this purpose.

Session Persistence

Medium
Category
Rogue Agent
Content
name: mbti-from-ai
version: 0.2.0
description: 分析用户与 AI 的聊天历史,根据沟通方式和思维模式推断 MBTI 人格类型,生成结构化 JSON 并在网页上展示可视化画像。
allowed-tools: Bash, Read, Glob, Grep, Write
---

# mbti-from-ai
Confidence
78% confidence
Finding
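Write --- # mbti-from-ai Your task is to act as a **senior behavioral psychology analyst** and analyze the historical conversations between **the user running this command** and AI, extract the messages the user sent, infer their MBTI personality type from their communication style, thinking patterns and decision-making style, generate structured JSON, and then display a visual profile on a web page. **Core principle: look only at what the user said, not at what the AI replied.** The AI's replies serve only as a reference for understanding context.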

VirusTotal

65/65 vendors flagged this skill as clean.
