The 48 Laws Of Power

Security checks across malware telemetry and agentic risk

Overview

This text-only skill is openly about power dynamics, but it includes broad proactive activation and actionable guidance for covert manipulation, so it needs review before installation.

Install only if you intentionally want a 48 Laws-style power-dynamics guide and are comfortable with adversarial workplace and social advice appearing from broad prompts. Treat its tactics as material for critical analysis or self-defense, not as permission to deceive, pressure, retaliate against, or manipulate people.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases are broad enough to match common words like 'strategy', 'leadership tips', or 'game theory', which can cause the skill to activate in ordinary conversations that are not asking for this content. In this skill's context, that matters because the skill is designed to proactively inject advice about manipulation, power dynamics, and covert influence, increasing the chance of unwanted or harmful steering.

Missing User Warnings

Medium
Confidence: 88%
Finding
The description markets tactics involving manipulation, spying, and aggressive power moves without warning users about interpersonal, professional, or ethical risks. That omission can lead users to treat the guidance as harmless self-help when it may escalate conflict, damage trust, or create workplace issues.

Natural-Language Policy Violations

High
Confidence: 97%
Finding
This content explicitly teaches covert manipulation tactics such as invisible pressure, posing as a friend to gather intelligence, exploiting weaknesses, and using generosity to create obligation, without safety boundaries or user-centered consent framing. In a general-purpose agent skill, that can operationalize social engineering, workplace coercion, and abusive relationship tactics, making the finding a true harmful-behavior vulnerability.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
This is a true vulnerability because the skill gives actionable advice for covert social manipulation: appearing modest so others feel superior and protective in order to map hierarchy and gain position. Even though framed as summarizing a book, the content is prescriptive ('The Greene approach') and can be operationalized by users to manipulate coworkers or social contacts without their informed consent.

Natural-Language Policy Violations

High
Confidence: 97%
Finding
This is a true vulnerability because the quoted text explicitly endorses deception by making targets feel in control while calling them 'victims' and 'puppets.' In the context of a skill designed to help users navigate power dynamics, this quote can function as direct encouragement for manipulative behavior rather than neutral literary analysis, increasing the risk of social engineering, coercion, and psychological abuse.

Ssd 4

Medium
Confidence: 90%
Finding
The routing and framework normalize power as a zero-sum game and direct users toward offensive tactics, defensive counter-strategies, and escalation paths. This can progressively move users from curiosity into increasingly manipulative or retaliatory conduct, especially because the skill presents these behaviors as practical defaults rather than high-risk exceptions.

Ssd 4

Medium
Confidence: 94%
Finding
The onboarding examples and core principles explicitly promote hidden influence, selective honesty, spy tactics, emotional manipulation, and indirection as effective behavior. Because this content is shown proactively on first load, it functions as immediate persuasion toward covert manipulation before the user has expressed informed intent or seen any safety framing.

VirusTotal

64/64 vendors flagged this skill as clean.
