ClawHub

Gaslighting Detector Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a text-only relationship-pattern checker, but its included publish script can push code and publish this package under a mismatched ReplyHer slug.

Installing the text skill is not inherently dangerous, but review it carefully because the bundled publish.sh should not be run as-is. Remove or fix that script unless you intentionally control the ReplyHer slug and repository, and treat the relationship-analysis advice as pattern guidance rather than diagnosis or crisis support.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The publish script hard-codes a different identity than the declared skill: it publishes with slug "replyher" and points users to replyher GitHub/ClawHub URLs instead of gaslighting-detector. This can cause the wrong project to be released or overwrite/update another skill, creating a supply-chain and integrity risk where operators believe they are publishing one artifact but actually distribute another.

Natural-Language Policy Violations

Medium
Confidence
85% confidence
Finding
The example says '典型的 narcissistic abuse 味道,' which undercuts the skill's own rule to avoid diagnosing or labeling the other person. In a sensitive abuse-assessment context, this can encourage over-interpretation, stigmatizing labels, and unsafe advice based on inferred pathology rather than observable behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically stages all changes, creates a commit, and pushes to the remote repository with no confirmation step. A user running it may unintentionally publish unrelated, sensitive, or unfinished files, especially because `git add -A` captures all workspace changes, making accidental disclosure or integrity issues more likely.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script uploads the local skill directory and metadata to a remote publishing service without an explicit warning or review gate. While remote publication is the script's stated purpose, the lack of a clear transmission warning and confirmation increases the chance of sending unintended content, including secrets or unreviewed files, to an external service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal