Digital Twin

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but it creates persistent, realistic personality clones from private meeting transcripts and needs careful review before use.

Install only if you are authorized to use the relevant transcripts and the target person has explicitly consented. Review the generated persona files before enabling them, avoid persistent/default mode unless necessary, do not use it to misrepresent identity, and make sure the separate Fireflies connector is scoped only to the transcripts intended for analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium, 87% confidence

The trigger phrases are broad enough to activate on common requests like 'make an AI version of [name]' or 'respond as [name]', which can cause the skill to run in situations where the user may not understand it will construct an impersonation-oriented persona from private meeting transcripts. In this context, accidental invocation is more dangerous because the skill's output is explicitly designed for realistic behavioral mimicry of a real person.

Missing User Warnings

Medium, 93% confidence

The installation and delivery section explains how to package, install, and broadly use the generated persona across communications, but it does not present a strong, unavoidable warning that this creates an impersonation-capable artifact derived from another person's communications. That omission materially increases the risk of deceptive use, privacy violations, and unauthorized cloning of a person's style and judgment at scale.

Vague Triggers

Medium, 95% confidence

The activation language is overly broad because it includes catch-all phrasing such as 'any similar instruction,' which can cause unintended persona invocation outside the user's precise intent. In a skill designed to imitate a real person's communication style and judgment, ambiguous triggering increases the risk of impersonation-like behavior, consent bypass, and misuse in contexts the user did not clearly authorize.

Vague Triggers

Medium, 97% confidence

Persistent activation through phrases like 'always respond as {name}' or default-personality mode without strong constraints can cause the agent to remain in an impersonation state across unrelated prompts. That increases the chance of unauthorized continued emulation, accidental disclosure in a simulated voice, and difficulty returning to normal behavior, especially because this skill is explicitly meant to reproduce a specific person's style and judgment.

Missing User Warnings

High, 98% confidence

The template centers on deriving a personality profile from meeting transcripts, including psychometric traits, stance maps, and audience behavior, but provides no privacy warning, consent requirement, or minimization guidance. Because meeting transcripts often contain sensitive personal, organizational, and contextual information, this creates meaningful risk of unauthorized profiling, identity cloning, and exposure of private behavioral inferences.

Missing User Warnings

Medium, 95% confidence

This file explicitly instructs the creation of a linguistic filter that can transform arbitrary content to sound like a specific person, which materially enables impersonation. In the context of a digital-twin/personality-cloning skill, the absence of warnings, consent requirements, identity-verification boundaries, or anti-impersonation guardrails increases the likelihood of deceptive or unauthorized use.

Missing User Warnings

High, 94% confidence

This file instructs the system to infer a person's OCEAN traits, conflict style, neuroticism, and related psychological characteristics from meeting transcripts without any warning, consent check, or limitation on sensitive inferences. In the context of a 'digital twin' skill meant to clone a real person's personality and judgment, this materially increases the risk of invasive profiling, non-consensual personality modeling, and downstream misuse such as impersonation, manipulation, or unfair evaluation.

Ssd 4

High, 98% confidence

This skill's core function is to build a highly realistic personality clone from meeting transcripts and then deploy it for prompts like 'respond as {name}' or as a default persona for all communications. Even with a consent reminder, the design operationalizes scalable impersonation and social engineering, especially because it captures speech patterns, decision style, and audience adaptation from potentially sensitive workplace interactions.

VirusTotal

63/63 vendors flagged this skill as clean.