AI大佬思想蒸馏框架

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed persona-simulation and discussion aid with some scoping/privacy cautions, but no evidence of hidden access, exfiltration, destructive behavior, or persistence.

Install only if you want AI-generated simulations of real people or executive personas for internal brainstorming. Keep the required simulation labels, do not present outputs as real quotes or authorized opinions, and avoid sharing confidential meeting notes or strategy material when external search or retrieval tools are available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 83%
Finding
The skill is presented as a persona-simulation tool, but it also states it may search for or supplement background information autonomously. Hidden or unexpected external retrieval can expose user-provided meeting notes, strategy content, or sensitive prompts to external systems and changes the skill's trust boundary without clear consent.

Vague Triggers

Medium
Confidence: 84%
Finding
The documented invocation is very broad ('用讨论模式,主题是XXX,让XXX参与') and the metadata trigger words are generic, which increases the chance the skill is activated in unintended contexts. In an agent ecosystem, overbroad triggers can cause prompt-routing mistakes, unexpected persona simulation, and accidental processing of sensitive or unrelated user requests.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding
The README is entirely in Chinese and presents usage/output expectations in Chinese without stating that language should follow user preference. This can cause the agent to override the user's chosen language or reduce transparency for reviewers, which is a policy/compliance and usability risk rather than a direct exploit.

Vague Triggers

Medium
Confidence: 80%
Finding
A broad trigger such as generic 'discussion' wording can activate the skill during ordinary conversation rather than deliberate invocation. In this context, accidental activation could cause unintended persona simulation, processing of sensitive business context, or retrieval behavior the user did not mean to trigger.

Vague Triggers

Medium
Confidence: 81%
Finding
Several invocation phrases are generic enough to overlap with normal user requests, increasing the chance of unintended skill activation. Because this skill can simulate real individuals and potentially pull in background material, accidental activation raises both privacy and impersonation-risk concerns.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill indicates it may search or load background materials, but it does not clearly warn users how their data will be handled before doing so. This is risky because users may paste internal meeting notes or strategic information, unaware that the skill may transmit or process that content beyond the immediate local interaction.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The persona file is entirely written in Chinese and the surrounding skill metadata also implies Chinese-triggered usage, with no indication that users can select another language. This can coerce model behavior toward Chinese-only responses, reducing transparency and accessibility for users who operate in other languages and increasing the chance of misunderstanding policy, consent, or safety-critical content.

VirusTotal

64/64 vendors flagged this skill as clean.