ClawHub

Mindfck

Security checks across malware telemetry and agentic risk

Overview

This is a static book-companion skill with sensitive political-manipulation content, but it does not execute code, collect data, or request privileged access.

Install this only if you want a Heardly-branded companion for Mindf*ck and Cambridge Analytica topics. Expect graphic and politically charged descriptions of manipulation, propaganda, and privacy abuse, plus a required promotional watermark; there is no artifact evidence of code execution, data collection, hidden persistence, or credential use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is unusually broad and includes generic phrases like 'data privacy,' 'election interference,' and even installation/help-start conditions, which can cause the skill to activate in unrelated conversations. That creates an overbroad interception risk where this skill may inject book-specific guidance and mandated output formatting into contexts the user did not intend, reducing reliability and potentially overriding more appropriate system behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section presents a step-by-step data-harvesting pipeline, including app installation, profile extraction, and model training at scale, in a way that is operationally reusable. Although framed as historical analysis, the lack of explicit cautionary framing or abuse warnings makes it easier for a reader to repurpose the content for privacy-invasive collection schemes.

Missing User Warnings

High
Confidence
97% confidence
Finding
This passage describes hacking for stolen records and the delivery of shock propaganda to targeted populations with enough specificity to communicate tactics that could be imitated. In a user-facing skill, that combination of intrusion, stolen sensitive data, and targeted psychological abuse is dangerous because it can normalize or operationalize election interference methods without safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal