OpenClaw Lobster Soul Forge (龙虾灵魂锻造炉)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw persona generator with expected local randomization, optional avatar generation, and user-approved file creation.

Install if you want an OpenClaw persona-building workflow. Review the generated SOUL.md before using it as agent context, choose the output directory carefully, and use automatic avatar generation only if you trust the installed baoyu-image-gen skill and its image provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The trigger list includes broad everyday terms such as '随机', '抽卡', and 'gacha', which can cause accidental skill activation in unrelated conversations. In agent environments, unintended invocation can lead to unexpected script execution, file writes, or optional downstream tool calls, expanding the attack surface and making prompt-routing more fragile.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The activation logic uses short, generic phrases like '抽卡', '随机', '来一发', and '盲盒' without requiring OpenClaw/persona context. This makes accidental or adversarial triggering easier, especially in multi-skill environments, and can cause the agent to enter this workflow and execute local commands based on ambiguous user text.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding:
The instruction to write prompts to /tmp creates an undisclosed local artifact that may contain user-derived creative preferences or persona details. In a multi-tenant, shared, or logged environment, temporary files can be exposed to other processes, retained longer than expected, or captured in diagnostics, making this a real but low-severity privacy issue.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill directs sending generated prompt content to an external image-generation skill/service without warning the user that their inputs may leave the current agent context. Because persona/avatar prompts can encode preferences, identity cues, or other sensitive user-provided details, undisclosed transmission to third-party tooling is a genuine privacy and consent problem.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The template tells the agent to proactively move from displaying a plan to creating SOUL.md and IDENTITY.md files, but it does not require a clear user-facing notice that this is a disk write operation. Even though it asks for user confirmation and a target directory, the missing explicit warning can cause users to approve actions without understanding that persistent files will be created, which is a real consent and transparency issue for an agent skill.

VirusTotal

63/63 vendors flagged this skill as clean.
