ClawHub

Black Elk Speaks

Security checks across malware telemetry and agentic risk

Overview

This text-only skill has no malware-like behavior, but it gives broad spiritual guidance and self-administered Lakota ceremony instructions without enough boundaries.

Install only if you specifically want a Black Elk Speaks-inspired spiritual reflection tool. Treat its ceremony suggestions as interpretive prompts, not authentic Lakota ceremonial instruction, and avoid relying on it for cultural, therapeutic, or religious authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill goes beyond summarizing or contextualizing a book and gives users actionable ceremonial instructions framed as spiritually meaningful practice. In a sensitive indigenous-religious context, this can mislead users into performing appropriated, fabricated, or unsafe rituals without cultural authority, which raises harm beyond ordinary self-help advice.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The document explicitly claims fidelity to Black Elk's framework, but the example output appears to invent ritualized instructions such as directional gratitude actions and presenting them as the beginning of pipe ceremony. That mismatch is dangerous because users may trust the skill as a faithful source and receive fabricated ceremonial guidance under the authority of an indigenous sacred tradition.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes broad phrases such as feeling disconnected, needing meaning, or having the world fall apart, which can match many ordinary conversations. Overbroad activation can inject culturally specific spiritual framing into unrelated or vulnerable user contexts, increasing the chance of inappropriate advice and unsolicited influence.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Saying the skill will appear whenever it 'senses this book could help' creates an undefined activation rule that encourages subjective, expansive triggering. In practice this can cause unsolicited interventions in sensitive emotional or spiritual conversations, reducing user control and increasing the likelihood of contextually inappropriate outputs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file explicitly instructs users to begin a ceremonial spiritual practice ('Start with the pipe offering. Face the directions. Speak gratitude.') without any safety, cultural, or contextual guardrails. In this skill’s context, that is risky because it encourages non-experts to imitate a living Indigenous sacred practice, which can mislead vulnerable users seeking meaning and promote inappropriate or disrespectful engagement with ceremonies they do not understand.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal