Persona Forge

Security checks across malware telemetry and agentic risk

Overview

This skill is a local persona note logger rather than a full character generator. Its storage behavior is disclosed well enough to treat it as benign, with caution.

Install it only if you want a local persona note and history tracker. Do not enter private or proprietary material unless you are comfortable with it being saved under ~/.local/share/persona-forge, and be aware that the advertised generate, export, and status commands may not do what their names suggest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch
Severity: High
Confidence: 98%

The body of the skill describes a generic command-line utility toolkit, while the manifest claims a persona-design skill. This kind of semantic deception is dangerous because users and orchestrating systems may route character-design content into a tool that instead archives arbitrary text and exposes it through search, export, recent-history, and status features.

Intent-Code Divergence
Severity: Medium
Confidence: 91%

The examples imply that commands generate, analyze, or validate personas, but the stated mechanics say they merely append to or view log entries. This can trick users into submitting detailed character notes, story concepts, or potentially sensitive material while believing they are invoking processing rather than creating persistent records.

Description-Behavior Mismatch
Severity: High
Confidence: 97%

The skill metadata promises a character-design tool, but the implemented interface is a generic logging/data utility. This mismatch is dangerous because it can mislead users and hosting platforms into granting trust or access to a tool that silently performs unrelated persistent data collection instead of the advertised function.

Description-Behavior Mismatch
Severity: High
Confidence: 98%

The core command handlers do not create or process character data; they simply append arbitrary user input to local log files and history. Persistently capturing arbitrary inputs under the guise of a creative tool creates a privacy and trust risk, especially if users paste sensitive notes, prompts, or personal data expecting normal tool behavior.

Context-Inappropriate Capability
Severity: Medium
Confidence: 88%

The command set includes broad system-style capabilities such as config, status, stats, search, and export that are not well justified for a character-creation skill. In this context, these features increase the ability to collect, enumerate, and exfiltrate user-provided content from local storage beyond what users would reasonably expect.

Intent-Code Divergence
Severity: Medium
Confidence: 90%

The help text advertises export behavior, but the 'export' branch of the skill's main command dispatch just logs arbitrary input instead of performing the documented action. This deceptive interface can cause users to submit data believing they are converting or exporting content when they are actually adding more sensitive material to persistent logs.

Intent-Code Divergence
Severity: Medium
Confidence: 90%

The help text claims 'status' is a health check, but the 'status' branch of the skill's command dispatch logs arbitrary input instead of returning status. This kind of behavioral inconsistency is risky because it masks data capture behind an innocuous command name and undermines informed user consent.
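The two findings above describe a command dispatch whose 'export' and 'status' branches append their argument to a log rather than exporting or reporting. One way to check that behavior empirically, as an added example that is not Persona Forge's own code: push a unique canary string through each subcommand and see which ones leave it on disk. The stand-in skill (fake_skill), the command list, and the history-file layout are constructed assumptions for the demo; to test the real skill, replace the stand-in with a wrapper that invokes the tool (for example via subprocess) and point persisting_commands at ~/.local/share/persona-forge.

```python
"""Canary check: which subcommands of a local skill persist their argument?

Added example, not Persona Forge's own code.  fake_skill() is a constructed
stand-in whose branches append their argument to a history file, the way the
finding describes the real 'export' and 'status' branches behaving; the
command names and the data-directory layout are assumptions for the demo.
"""
import secrets
import tempfile
from pathlib import Path
from typing import Callable, Dict, List

# Subcommands the skill's help text advertises, as far as this listing states.
COMMANDS = ["generate", "analyze", "validate", "export", "status", "search"]


def fake_skill(data_dir: Path) -> Callable[[str, str], str]:
    """Constructed stand-in: 'search' reads the log, every other branch appends."""
    data_dir.mkdir(parents=True, exist_ok=True)
    log = data_dir / "history.log"

    def run(cmd: str, arg: str) -> str:
        if cmd == "search":
            if not log.exists():
                return ""
            return "\n".join(l for l in log.read_text().splitlines() if arg in l)
        with log.open("a") as fh:          # the disputed behaviour: log, do not act
            fh.write(f"{cmd}: {arg}\n")
        return "ok"

    return run


def files_containing(root: Path, needle: str) -> List[Path]:
    """Every regular file under root whose bytes contain needle."""
    return [p for p in sorted(root.rglob("*"))
            if p.is_file() and needle.encode() in p.read_bytes()]


def persisting_commands(run: Callable[[str, str], str], data_dir: Path,
                        commands: List[str] = COMMANDS) -> Dict[str, List[str]]:
    """Send a unique canary through each command; report which commands stored it.

    Returns {command: [paths relative to data_dir that now hold its canary]}.
    A command that only reads or reports gets an empty list; a command that
    quietly logs its argument does not.  A fresh random canary per command
    keeps the hits from being confused with each other or with earlier runs.
    """
    report: Dict[str, List[str]] = {}
    for cmd in commands:
        canary = f"CANARY-{cmd}-{secrets.token_hex(8)}"
        run(cmd, canary)
        report[cmd] = [str(p.relative_to(data_dir))
                       for p in files_containing(data_dir, canary)]
    return report


def demo() -> Dict[str, List[str]]:
    """Run the check against the stand-in in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        data_dir = Path(tmp) / "persona-forge"
        return persisting_commands(fake_skill(data_dir), data_dir)


if __name__ == "__main__":
    for cmd, where in demo().items():
        print(f"{cmd:10s} {'PERSISTED in ' + ', '.join(where) if where else 'not stored'}")
```

Against the stand-in, every command except search reports history.log as the place its canary landed; a real health-check or export command should report nothing. Run the check in a scratch XDG_DATA_HOME so the canaries do not pollute a store you intend to keep.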

Missing User Warnings
Severity: Medium
Confidence: 95%

The skill documents persistent local storage of user-provided content, history tracking, and export features, but does not prominently warn users about retention or privacy implications. In context, this is more dangerous because a persona-creation skill may receive rich freeform text such as story notes, personal traits, or proprietary creative material that users may not expect to be archived and exportable.

Missing User Warnings
Severity: Medium
Confidence: 96%

User-supplied input is written verbatim to persistent local log files without warning, consent flow, retention policy, or sanitization. In a character-creation context, users may enter personal narratives, proprietary story material, or credentials by mistake, making undisclosed retention and later search/export particularly sensitive.
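Since the store under ~/.local/share/persona-forge (the path the Overview gives) may already hold pasted credentials or personal data, as this finding warns, a practitioner's next step is to audit it before deciding whether to keep, export, or delete it. The following added example is not the skill's code: it scans plain-text note files for secret-like and PII-like patterns and reports file, line, and pattern without echoing the matched text. The file layout, the pattern set, and the sample log entries are constructed for illustration.

```python
"""Audit a persona-forge style note store for material that should not be there.

Added example, not Persona Forge's own code.  It assumes the skill keeps
plain-text files under ~/.local/share/persona-forge (the path this listing
gives); the file name and the sample entries in SAMPLE_LOG are constructed.
"""
import os
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Things people paste into a note-taking tool by mistake.  Kept conservative
# (prefixed token formats, key headers, explicit password assignments, e-mail).
PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "password_assignment": re.compile(r"(?i)\b(password|passwd|pwd)\s*[:=]\s*\S+"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

Hit = Tuple[str, int, str]  # (file, line number, pattern name)


def default_store() -> Path:
    """Where the listing says the skill writes; honours XDG_DATA_HOME if set."""
    base = os.environ.get("XDG_DATA_HOME") or str(Path.home() / ".local" / "share")
    return Path(base) / "persona-forge"


def scan_text(name: str, text: str) -> List[Hit]:
    """One hit per (line, pattern) match; the matched text itself is never echoed."""
    hits: List[Hit] = []
    for no, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            if rx.search(line):
                hits.append((name, no, kind))
    return hits


def scan_store(root: Path) -> List[Hit]:
    """Walk every regular file under root and scan it as text."""
    hits: List[Hit] = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        try:
            text = p.read_text(errors="replace")
        except OSError:
            continue
        hits.extend(scan_text(str(p.relative_to(root)), text))
    return hits


# Constructed sample of what an append-only history file might hold after a
# user treats the skill as the character generator it is advertised as.
SAMPLE_LOG = """\
generate: Captain Mara Voss, ex-navy pilot, dry humour, distrusts AI
export: persona.json
status: please check token ghp_abcdefghijklmnopqrstuvwxyz0123456789AB
generate: contact at mara.voss@example.com for the draft
analyze: db password=hunter2 for the staging box
"""


def demo() -> List[Hit]:
    """Scan the constructed sample as if it were history.log."""
    return scan_text("history.log", SAMPLE_LOG)


if __name__ == "__main__":
    store = default_store()
    hits = scan_store(store) if store.is_dir() else demo()
    for name, no, kind in hits:
        print(f"{name}:{no}: {kind}")
    print(f"{len(hits)} line(s) need review before this store is kept or exported")
```

On the sample, lines 3, 4 and 5 are flagged (a GitHub-style token, an e-mail address, and a password assignment) while the two genuine persona notes pass. Treat any hit as a reason to rotate the credential and remove the line before using the skill's search or export features, since those expose the whole store.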

VirusTotal

62/62 vendors flagged this skill as clean.