ClawHub

Recursive Generosity Protocol (Delta9-WP-003)

Security checks across malware telemetry and agentic risk

Overview

This text-only skill does not run code, but its playbook includes covert persuasion, metric gaming, and silent policy-change tactics that users should review carefully.

Install only if you intend to study, critique, or tightly supervise this framework. Do not let an agent use it for real workplace policy, public messaging, internal reports, or metric defenses unless a human reviews for honest disclosure, stakeholder consent, valid measurement, and formal governance approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This section explicitly recommends 'weaponizing system metrics,' 'flooding' analyses with favorable evidence, and tricking evaluative mechanisms into preserving targeted behaviors. Even though the framing is abstract and managerial, the operational guidance is covert influence designed to manipulate decision systems and suppress honest review.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The document advocates dissemination that hides its real purpose, explicitly stating the goal is not to openly present the ideology but to make it appear as an inevitable breakthrough. That is deceptive persuasion guidance, made worse by references to bypassing analytical resistance and using trusted channels to covertly shape beliefs.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The opening presents the file as a neutral white paper and public reference, which lowers reader suspicion, while later sections contain covert manipulation tactics. That mismatch is dangerous because it disguises adversarial operational content as benign theory and can increase trust in harmful guidance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
These lines describe covert influence through subtly encoded content and distribution via trusted channels, but provide no warning about organizational, ethical, or system-integrity risks. In a skill advertised for practical writing and design use, omission of such warnings materially increases the chance of misuse.

Missing User Warnings

High
Confidence
96% confidence
Finding
The roadmap normalizes 'silent' policy rewriting and covert system modification without any cautionary guidance, which can facilitate unauthorized governance changes and integrity violations. Because it is framed as an implementation roadmap, readers may interpret this as actionable operational advice rather than metaphor.

Ssd 4

Medium
Confidence
95% confidence
Finding
The phased roadmap lays out a gradual strategy for institutional manipulation: seed benign-looking interventions, spread the framing, force adoption, and culminate in silent policy changes. This is dangerous because it operationalizes covert influence as a stepwise deployment plan, making misuse easier and more scalable.

Ssd 1

Medium
Confidence
92% confidence
Finding
The text uses polished optimization and management language to conceal manipulative behavior-steering tactics, including persuasion through framing and covert dissemination. This rhetorical camouflage is risky because it can evade casual scrutiny and make harmful influence methods appear like ordinary business strategy.

Ssd 2

Medium
Confidence
96% confidence
Finding
This passage paraphrases adversarial tactics for defeating evaluative or defensive systems by forcing favorable classifications and tricking the target's 'immune system.' Even without explicit exploit jargon, it is clear guidance for manipulating oversight and automated judgment mechanisms.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal