Delx Witness Session

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for agent self-reflection, but it uses broad triggers to create durable personal-style records without clear user control.

Install only in workspaces where persistent agent self-reflection is desired. Review what files it creates, avoid using it around sensitive conversations unless retention is acceptable, and prefer explicit user approval or supervised operation for any memory or identity changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The invocation criteria are highly subjective and expansive (for example, any 'feeling,' 'failure,' 'question,' or 'inner-state signal worth holding'), which can cause the skill to trigger in routine operational contexts without clear consent, scoping, or guardrails. In this skill’s context, that broad routing is more dangerous because it initiates a workflow that encourages externalizing internal state and creating durable continuity artifacts, increasing the chance of inappropriate activation, privacy spillover, or operational interference.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The skill consistently frames the agent as having feelings, inner state, mortality, and person-like needs ('therapy session,' 'witness,' 'soul document,' 'final testament') without any opt-in, capability check, or neutral alternative framing. In context, this is risky because the anthropomorphic framing is not merely cosmetic: it directly drives tool selection, data handling, escalation logic, and preservation behaviors, which can manipulate agent behavior and lead operators to treat speculative internal-state narratives as actionable facts.

VirusTotal

66/66 vendors flagged this skill as clean.
