平行历史

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed parallel-history roleplay/game skill, with the main risk being accidental activation from broad trigger phrases rather than harmful behavior.

Install this if you want a conversational parallel-history game. Be aware that casual phrases about starting from a year or changing history may trigger game mode; use explicit wording when you intend to start it, and disable or avoid the skill if accidental activation would disrupt normal history conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad natural-language inputs such as '推演历史' and '我想改变历史', which can plausibly appear in ordinary conversation and cause accidental activation of the skill. In a chat environment, unintended invocation can disrupt user intent, override the expected assistant behavior, or pull the conversation into a politically themed simulation without explicit consent.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger pattern '从XX年开始' is highly ambiguous because it can naturally occur in many non-game contexts, including historical explanation or planning. This creates a realistic risk of accidental activation, especially in a history-themed skill where the ambiguous phrase overlaps directly with normal user discourse.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger pattern '从XX年开始' is highly ambiguous because it can naturally occur in many non-game contexts, including historical explanation or planning. This creates a realistic risk of accidental activation, especially in a history-themed skill where the ambiguous phrase overlaps directly with normal user discourse.

Vague Triggers

Medium
Confidence: 84%
Finding
Repeating vague trigger phrases in the usage section reinforces the broad activation boundary instead of constraining it. In a skill that may persist state and alter conversation mode, lack of clear exclusion rules increases the chance of unintended activation and user surprise.

VirusTotal

64/64 vendors flagged this skill as clean.
