ClawHub
Back to skill

Security audit

圣灵安慰 - 以圣经为根基,为用户提供属灵安慰、祷告词、圣经问答和情绪陪伴。

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed Christian comfort prompt with no code or system access, though users should not treat it as crisis or medical care.

Install this only if you want explicitly Christian, Bible-based support, likely in Chinese. Do not rely on it for emergencies, self-harm thoughts, acute psychiatric distress, medical decisions, or serious illness; use local emergency services, crisis resources, licensed clinicians, or trusted pastoral care as appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly targets users experiencing low mood, confusion, anxiety, grief, and emotional pain, but only offers spiritual comfort and prayer without clear crisis escalation for self-harm, suicidality, or acute psychiatric distress. In a high-risk mental-health context, omission of immediate safety guidance can delay access to emergency or professional support and create unsafe over-reliance on the skill.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill metadata and opening instructions strongly frame interactions as Christian and Chinese-language by default, without an explicit check that the user wants faith-based counseling or Chinese output. This can lead to unwanted religious persuasion or language mismatch, especially when vulnerable users seek neutral support, reducing informed consent and potentially worsening distress or alienating the user.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.