ClawHub

The Celestine Prophecy

Security checks across malware telemetry and agentic risk

Overview

This is a text-only book guidance skill with disclosed spiritual/self-help content and no code, persistence, credential access, or data exfiltration behavior.

Before installing, consider whether you want a spiritual self-help framing applied to topics like relationships, intuition, and personal energy. Treat its claims about energy fields, auras, and relationship dynamics as reflective book-based guidance, not medical, psychological, or scientific advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The listed triggers include broad phrases like "I'm looking for meaning," "energy," and activation when a user "doesn't know how to start," which overlap with common everyday speech and many unrelated contexts. The file does not provide exclusion conditions or tighter scope boundaries, making it unclear when this specific book skill should activate versus other more appropriate skills.

Vague Triggers

Low
Confidence
87% confidence
Finding
The phrase "Map this book to my life" is ambiguous because it does not specify The Celestine Prophecy and could match many book-related or general coaching interactions. Without surrounding constraints, it increases the chance of accidental invocation from ordinary conversation.

Natural-Language Policy Violations

Low
Confidence
79% confidence
Finding
This markdown file contains user-facing instructional material entirely in English and does not indicate that other languages or locale preferences are supported. Under the stated policy, a forced language without user opt-in can be a natural-language policy violation when no choice or justification is provided.

Vague Triggers

Medium
Confidence
95% confidence
Finding
This markdown file defines activation examples such as "I come home from work completely exhausted," "My partner makes me feel small," and "I want to grow spiritually but I don't know where to start." These are broad, ordinary statements without clear scope limits or exclusion conditions, so they risk overlapping with general conversation and causing unintended invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal