ClawHub

Musk First Principles

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable advisory skill for Chinese-first first-principles business and engineering analysis, with no evidence of hidden access, persistence, or data handling.

Install this if you want a Chinese-first Musk-style first-principles advisory framework. Treat it as brainstorming support, verify factual claims and any financial or strategic recommendations independently, and expect it to bias answers toward disruption, cost decomposition, and scaling analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation examples are very broad and match common business, strategy, and advisory requests, so the skill may trigger in situations where the user did not explicitly ask for a Musk-style framework. That can cause unintended routing, persona over-application, and lower-quality or biased advice in unrelated contexts, especially because the skill encourages a strong framing around disruption and first-principles reasoning.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The skill declares Chinese as the primary language without an explicit user opt-in, which can override user preference and lead to confusing or inaccessible responses. In a general-purpose advisory setting, forced language behavior is risky because it can degrade usability, cause misunderstanding of recommendations, and interfere with downstream workflows that expect another language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal