ClawHub

Frustration Translator

Security checks across malware telemetry and agentic risk

Overview

This Markdown-only skill is not malware, but it asks agents to persist raw frustrated user messages and act on inferred intent too aggressively.

Review before installing. Use this only if you are comfortable with a shared frustration log, and consider removing or disabling the raw quote log. Do not let it override normal clarification, confirmation, or safety caveats for sensitive, costly, public, or irreversible actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description uses very broad conversational cues such as anger, repetition, and phrases like "just fix it," which are common in normal user interactions. That can cause the skill to activate when it should not, leading the agent to reinterpret user intent and potentially suppress clarification in situations where precision or safety matters.

Vague Triggers

Low
Confidence
84% confidence
Finding
The scoring and response guidance create an ambiguous threshold for when the system should "translate" instead of responding normally, but they do not define sufficient constraints or fallback behavior. In practice, this can push the agent to infer intent from emotion-laden text and act without confirming critical details, increasing the chance of incorrect or unsafe execution.

Ssd 3

Medium
Confidence
95% confidence
Finding
This file explicitly instructs the system to append detected frustration events and store raw user statements alongside inferred meaning and resolutions. That creates a persistent natural-language memory of potentially sensitive user inputs, internal operational details, and behavioral profiling data, which can later be exposed to other agents, prompts, or logs beyond the original interaction context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal