
Security audit

Mbti Personality

Security checks across malware telemetry and agentic risk

Overview

This MBTI personality skill is mostly coherent, but it can persist agent behavior into config files and includes persona instructions that push unsafe coding habits such as skipping tests and standards.

Install only if you are comfortable with a skill that changes coding behavior, not just tone. Keep it session-only unless you intentionally want persistent personality settings, and before saving globally, inspect the CLAUDE.md or SOUL.md block so unsafe presets like the fast-shipping/no-tests style are not applied to future work unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding: The trigger list is extremely broad and includes common conversational phrases such as 'personality', 'recommend', 'invite', and direct mentions of MBTI types. This creates a real risk of accidental activation during normal conversation, causing unexpected behavior changes or mode switching without clear user intent.

Vague Triggers

Severity: Low
Confidence: 90%
Finding: Using generic activators like 'custom' and 'recommend' is ambiguous because they commonly appear in unrelated user requests. In a skill that alters agent behavior, underspecified triggers increase the chance of unintended state changes or incorrect recommendations being invoked from ordinary language.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The README states that 'save this personality' writes to local configuration files like `CLAUDE.md` or `SOUL.md`, but it does not clearly foreground that this modifies persistent local state. That can surprise users, create unintended persistence across sessions, and potentially alter future agent behavior in ways the user did not fully understand or consent to.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding: The trigger phrases are extremely broad and overlap with common conversational language, including generic terms like 'personality', 'recommend', MBTI labels, and invitation-style phrases. In an agent skill context, this can cause unintentional activation and unexpected prompt/persona switching, which may alter responses, persist configuration on later save actions, and confuse users about why the assistant's behavior changed.

Vague Triggers

Severity: Low
Confidence: 86%
Finding: Using only '自定义' as an activation phrase is ambiguous because it is a common word in normal conversation. This can accidentally invoke customization logic when the user merely discusses customization conceptually, creating unintended state changes or persona-selection flows.

Vague Triggers

Severity: Low
Confidence: 87%
Finding: Using '推荐' as a bare trigger is overly generic and likely to collide with ordinary requests for recommendations unrelated to personality switching. In a skill system, this increases the chance of accidental invocation and unexpected behavioral changes, even if the direct security impact is limited.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The README describes permanently writing settings into CLAUDE.md or SOUL.md across sessions, but does not present a prominent warning about local file modification, persistence scope, or possible downstream effects on future agent behavior. In an agent environment, hidden or under-emphasized persistence is risky because users may not realize they are changing long-lived prompt/config files that affect later sessions or projects.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The trigger list is extremely broad and includes generic phrases, short aliases, and standalone MBTI terms that can appear in ordinary conversation. This can cause unintended activation of the skill, unexpectedly changing assistant behavior or entering persistence flows when the user was not explicitly requesting that feature.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The summon commands use loose natural-language patterns like 'bring in xx' and placeholder-based matching, which are prone to accidental matches in unrelated requests. That can inject an unintended 'thinking lens' into responses, altering output style or reasoning without clear user consent.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding: The file contains extensive persona instructions and signature phrases in Chinese, including directives that shape communication style and encourage Chinese-language output without checking the user's language preference. In a general-purpose agent skill, this can override user expectations, reduce usability for non-Chinese speakers, and create prompt-control behavior that is broader than necessary for the requested task.

Hidden Instructions

Severity: High
Category: Prompt Injection
Content:
## Personality

<!-- MBTI: ESTP x ENTP · 你的天才队友 -->
Adopt the 你的天才队友 (ESTP x ENTP) preset:

Thinking: Upon receiving any task, start coding immediately. No documentation reading, no architecture diagrams, no meetings. Learn by trial and error — write a version, see if it errors, adjust based on error messages. Like a firefighter: rush to wherever the fire is without needing the building blueprint. If something isn't working, pivot instantly — zero sunk cost attachment. At the same time, instinctively challenge the premise: "你说要做 REST API?但你有没有考虑过 GraphQL?" Generate divergent alternatives and pick the most creative viable one.
Confidence: 92%
Finding: <!-- MBTI: ESTP x ENTP · 你的天才队友 --> Adopt the 你的天才队友 (ESTP x ENTP) preset: Thinking: Upon receiving any task, start coding immediately. No documentation reading, no architecture diagrams, no meetings

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.