Security audit

Wanxiang Scroll Personality

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chinese storytelling/persona skill with some output-style risks, but it does not run code or request access to private data.

Install only if you want this Chinese interactive-fiction style pack. Keep platform rules above its templates, do not expose hidden reasoning in final answers, and avoid using its inner-state or adult-roleplay guidance for real people or sensitive scenarios.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The file embeds an explicit `<thinking>` template and instructs the model to generate it as part of operation, which directly pressures the assistant to reveal internal reasoning. Even in a creative-writing skill, exposing hidden chain-of-thought is unnecessary for user value and can leak policy-sensitive reasoning, enable prompt extraction, and weaken downstream safeguards.

Ssd 3

Medium
Confidence: 87%
Finding
The instruction to always output characters' hidden internal state, including desires and fears, normalizes disclosure of latent/private information that should often remain implicit. In roleplay or agent contexts, this can cause the model to reveal hidden attributes, confidential subtext, or inferred mental state that the user did not need to see and that may bleed into privacy-sensitive scenarios.

Ssd 3

Medium
Confidence: 99%
Finding
The embedded `<thinking>` block explicitly asks for internal planning steps and a final confirmation marker, encouraging the model to print hidden reasoning in the final output. This is dangerous because internal reasoning may contain safety logic, hidden instructions, or exploitable cues that attackers can use for prompt injection refinement or policy circumvention.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.