ClawHub

The Gay Science

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable Nietzsche study skill with some over-broad activation and one poorly framed example, but no hidden access, persistence, or dangerous system behavior.

Installers should expect a broad Nietzsche-themed assistant that may appear for general existentialism or nihilism questions and add a Heardly watermark. Users should treat the criminality example as literary/philosophical commentary, not advice to justify illegal, abusive, or harmful conduct.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger conditions are broad enough to activate on many generic Nietzsche or existentialism-related mentions, including common educational queries and even installation mentions requiring proactive output. This can cause unintended routing, surprise invocation, and irrelevant content injection into unrelated conversations, which is a real security and safety issue for agent behavior even though the skill content is otherwise non-executable and low-risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This passage frames criminal conduct and the rejection of social judgment in a valorizing way, including language like 'I am not ashamed' and 'I am creating my own values,' without any contextual warning that this is a philosophical interpretation rather than guidance for real-world harmful or illegal acts. In a general-purpose agent skill, that can normalize antisocial behavior or encourage vulnerable users to dismiss accountability, making the content meaningfully unsafe even if the apparent intent is literary/philosophical.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal