ClawHub

大佬思想蒸馏框架

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI persona-simulation forum with legal and confidentiality cautions, but no evidence of hidden malware or unsafe system behavior.

Install only if you want an AI-assisted thought-leader/persona simulation tool. Do not treat outputs as real quotes, endorsements, or current views of named people; keep the visible simulation labels; avoid public or commercial reuse without legal review; and do not paste confidential meeting notes, customer data, employee data, or unreleased strategy unless your organization permits that use. Ask the agent to confirm before web searching or creating a new persona.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
77% confidence
Finding
The instruction to 'search for background information' introduces an external-information acquisition step without any guardrails on source trust, data handling, or output labeling. In a persona-simulation skill, that can cause the model to ingest unreliable or sensitive material and then present synthesized statements as attributed viewpoints, increasing the risk of misinformation, privacy leakage, or prompt-injection through retrieved content.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The quick-start example uses a very generic natural-language trigger ('用讨论模式,主题是XXX,让XXX参与') without defining strict invocation boundaries, confirmation steps, or role constraints. In a skill that simulates public figures and supports dynamic role distillation, broad triggers increase the chance of accidental activation, unintended persona invocation, or misuse for impersonation-like outputs that may be attributed to real people despite the disclaimer.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad trigger phrases can cause accidental or adversarial activation of the skill in unrelated conversations. That expands the attack surface for prompt steering, unintended persona simulation, and misattributed outputs, especially in environments where skills are auto-invoked based on loose keyword matching.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The automatic activation rule for missing-background guidance is overly ambiguous, which can cause the skill to take over ordinary conversation flows without clear user consent. In a multi-skill or agentic environment, ambiguous auto-activation increases the risk of prompt hijacking, context confusion, and unintended disclosure of user context into the skill workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal