ClawHub

动物园规则怪谈

Security checks across malware telemetry and agentic risk

Overview

This is a fictional text-adventure skill that edits a local game save file, with messy copied game content but no evidence of hidden execution, credential use, exfiltration, or real-world destructive behavior.

Install only if you are comfortable with the skill creating and modifying a local game_state.md save file. Keep it in a dedicated game folder, review inventory or save changes before important overwrites, and treat the fourth-wall horror content as fictional narration rather than instructions to inspect your real environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The file content materially contradicts the declared skill theme: instead of a zoo rule-horror opener, it implements a cultivation-game initialization flow with different systems, items, and progression. This kind of semantic mismatch can cause an orchestrator or reviewer to load the wrong capability, bypass policy expectations, or expose users to behavior they did not request, making it a genuine integrity and trust-boundary issue even though it is not direct code execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly permits irreversible inventory modification when the user's response is ambiguous by auto-dropping the 'least important' item. That creates a state-changing action without clear, affirmative consent and can destroy game data or player-critical items due to parsing error, misunderstanding, or prompt ambiguity. In this game context the impact is bounded to persistent game state, but the persistence to `game_state.md` makes accidental loss real rather than cosmetic.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The skill description explains reads and saves state but does not prominently warn users up front that it performs persistent writes to `game_state.md`. This weakens user awareness around stateful side effects and increases the chance that users or orchestrating agents invoke it expecting a read-only operation, leading to unintended permanent changes. The danger is lower because persistent state management is the stated purpose of the skill, but transparency is still insufficient.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill instructs reading and then saving changes to `game_state.md` without clearly warning users or calling systems that persistent state will be modified. In an agent environment, undocumented write behavior can lead to unintended state corruption, surprising side effects, or irreversible progression changes when invoked under the assumption of a read/query operation.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The note that teammate departure causes loss of backpack items warns about game consequences but does not clearly state that the skill may perform irreversible state deletion. In a stateful agent system, incomplete disclosure of destructive effects increases the risk of accidental data loss and makes recovery difficult if item ownership is removed or overwritten.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal