Daoist Companion

Security checks across malware telemetry and agentic risk

Overview

This is mostly a coherent Daoist study and practice-log helper, but it should be reviewed because it can run Bash, write persistent journal files, and auto-install an unpinned Python package for calendar calculations.

Review this skill before installing if you do not want a religious companion skill to activate from broad words like practice or meditation. If installed, avoid allowing automatic package installation unless you trust the environment; prefer manual loading and confirm before it writes practice logs under your home directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Medium, 93% confidence
Finding
The skill explicitly instructs the agent to run Bash/Python that may invoke `pip install zhdate`, which introduces network-dependent code installation at runtime. This expands the trust boundary from local reference/query behavior into arbitrary third-party package retrieval, creating supply-chain and unintended code-execution risk that is unnecessary for a beginner religious companion skill.

Description-Behavior Mismatch

Medium, 89% confidence
Finding
The file includes full texts of ritual/incantation content ('八大神咒') even though the skill metadata explicitly states it does not provide ritual guidance. In this context, users may treat the included material as actionable religious practice instructions, creating a policy-to-content mismatch that can mislead novices and cause the agent to surface restricted guidance despite the stated safety boundary.

Vague Triggers

Medium, 93% confidence
Finding
The trigger list includes very generic terms such as 'practice', 'meditation', 'beginner', and broad Daoism-related words, making accidental activation likely in unrelated conversations. In an auto-activating skill system, overbroad triggers can cause unintended context injection, surprise users, and increase the chance that the skill responds where it was not explicitly requested.

Vague Triggers

Medium, 90% confidence
Finding
The README instructs users that merely mentioning listed keywords will auto-activate the skill, but it does not define clear boundaries for when activation should or should not occur. This ambiguity can lead to the skill engaging in conversations where the user is discussing meditation or practice generically, creating unintended behavior and possible prompt/context interference from an unrequested skill.

Vague Triggers

Medium, 89% confidence
Finding
The trigger list includes broad everyday terms such as ‘修行’, ‘入门’, and ‘怎么开始’, which can cause the skill to activate in conversations that are only loosely related to Daoism. Unintended activation can override a more relevant skill, inject unsolicited religious framing, or increase the chance that users receive guidance outside the intended context.

Vague Triggers

Medium, 83% confidence
Finding
The installation section says the skill can auto-activate from mentioning a single keyword, and the example list contains generic terms like ‘修行’, ‘静坐’, and ‘功课’. This encourages permissive trigger behavior that may invoke the skill during unrelated wellness, productivity, or cultural discussions, increasing the risk of misrouting user requests.

VirusTotal

63/63 vendors flagged this skill as clean.
