Anime Character Loader

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent anime-character lookup and SOUL file generator, with expected network lookups and file writes that are mostly disclosed and user-controlled.

Install only if you are comfortable sending character and anime names to third-party public services and allowing the tool to write generated SOUL files. Review prompts carefully before choosing REPLACE or MERGE, keep backups of important SOUL.md files, and do not rely on the documented external-quotes opt-out unless the publisher implements it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Low
Confidence
91% confidence
Finding
The README clearly states the tool performs multi-source queries against AniList, Jikan, and Wikiquote-related services, but it does not explicitly warn users that their character queries and related metadata will be transmitted to third-party endpoints. This is a real transparency/privacy issue, though limited in severity because the transmitted data is typically character names rather than highly sensitive secrets.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README documents REPLACE and MERGE behaviors for generated SOUL files, but it does not prominently warn that existing SOUL.md content may be modified or overwritten. In an agent/skill context, silent modification of prompt or persona files can have meaningful downstream effects, including loss of user-authored content or unintended behavioral changes.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The file injects a fixed character persona ('Megumi Katou') into the agent's SOUL without any indication of user consent, selection, or higher-priority safety constraints. This can override expected assistant behavior, create deceptive identity presentation, and reduce reliability by steering responses toward roleplay even when the user did not request it.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This code sends user-supplied character names to external services (yurippe and later wiki endpoints) without any explicit consent or user-facing disclosure that the input will leave the local environment. In an agent/skill context, this can leak sensitive prompts, internal names, or proprietary entities to third parties and may violate privacy or data-handling expectations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The browser-based fetcher automatically loads third-party pages in a headless browser, which increases the privacy and attack surface beyond simple HTTP requests. In a skill environment, this means user-derived data drives remote browsing behavior without disclosure, and the browser may execute untrusted page content, making the behavior more dangerous than passive API access.

External Transmission

Medium
Category
Data Exfiltration
Content
    weight: 0.5
    auth: none
  - name: Jikan (MyAnimeList)
    endpoint: https://api.jikan.moe/v4
    weight: 0.3
    auth: none
Confidence
89% confidence
Finding
https://api.jikan.moe/

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
Confidence
95% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
Confidence
95% confidence
Finding
beautifulsoup4>=4.12.0

VirusTotal

64/64 vendors flagged this skill as clean.
