TinkerClaw Computational Humor

Security checks across malware telemetry and agentic risk

Overview

This is a text-only humor guidance skill with no code execution, credentials, persistence, or data access, though users should install it only when they want a more humorous agent style.

Install this only for agents where humor or wit is desired. It should remain subordinate to user requests, system policy, safety constraints, and serious or sensitive work where a plain professional tone is expected.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 74% confidence
Finding: The skill mandates italicized humor insertion and says to weave it into responses without first requiring user consent. In contexts where the assistant should remain neutral, professional, or strictly task-focused, this can override user expectations and system tone constraints, increasing the chance of inappropriate output and policy noncompliance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal