Sillytavern Charactecard

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SillyTavern character-card helper that reads user-selected card files and can write converted card files.

Install this if you want the agent to process SillyTavern character-card files. Use explicit card file paths, avoid pointing it at unrelated private files, treat card text as untrusted data, and confirm output paths before exporting so existing files are not overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The import trigger phrases are broad and overlap with ordinary conversation such as 'parse this character' or 'load this character', which can cause the skill to activate without an explicit file path or user intent to access local content. In a file-handling skill, accidental activation increases the chance of unintended reads, incorrect assumptions about available files, or unsafe follow-on actions based on ambiguous user input.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The 'view character info' conditions are ambiguous because they do not state that the information must come from an already supplied character card or parsed data structure. This can lead the agent to infer nonexistent context, act on stale state, or attempt unnecessary file access when the user is only asking a general question.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill instructs the agent to generate and save files but does not warn about write location, overwriting existing files, or the need for explicit user approval before persistence. In practice, this can cause unintended modification of the workspace, data loss through overwrite, or silent creation of artifacts the user did not expect.

VirusTotal

63/63 vendors flagged this skill as clean.