sandbox simulator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent roleplay sandbox skill that stores scenario state in Markdown files and uses child sessions, with some usability cautions but no evidence of hidden or harmful behavior.

Install only if you are comfortable with the skill creating and modifying Markdown scenario files and sending scenario context to spawned child sessions. Use fictional or non-sensitive scenario data, keep projects in a dedicated folder, and prefer explicit slash commands for start, set, inject, remove, and reset actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High severity
95% confidence
Finding
The skill states the scheduler cannot perform file I/O or tool execution directly, yet later workflow steps instruct it to update world state, save history, and modify character files. This contradiction creates unsafe ambiguity about which component is authorized to mutate state, increasing the chance an agent bypasses intended tool boundaries or delegates sensitive writes without proper controls.
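One way to make the boundary the finding asks for explicit in code, so that a workflow step cannot quietly widen the scheduler's authority. This is an added illustration, not code from the skill or from SkillSpector: the component names ("scheduler", "state_writer"), the tool allow-list and the `write_state` mediator are assumptions chosen here. Every mutation of scenario state goes through one function that checks both who is calling and where the Markdown file lands, confining writes to the dedicated project folder the overview recommends.

```python
import tempfile
from pathlib import Path

# Hypothetical component-to-tool allow-list (an assumption for this example).
# The scheduler is declared unable to do file I/O, so "write_state" is absent
# from its set; only a separate state_writer component may mutate scenario files.
ALLOWED_TOOLS = {
    "scheduler": {"read_state", "spawn_child"},
    "state_writer": {"read_state", "write_state"},
}


class AuthorizationError(PermissionError):
    """Raised when a component calls a tool it is not authorized for, or escapes the project folder."""


def check_tool(component: str, tool: str) -> None:
    """Reject any call that is not on the caller's declared allow-list."""
    if tool not in ALLOWED_TOOLS.get(component, set()):
        raise AuthorizationError(f"{component} is not authorized to call {tool}")


def confine(project_root: Path, rel: str) -> Path:
    """Resolve rel under project_root and refuse anything that escapes it (e.g. '../')."""
    root = project_root.resolve()
    target = (root / rel).resolve()
    if target != root and root not in target.parents:
        raise AuthorizationError(f"{rel} escapes the project folder")
    return target


def write_state(component: str, project_root: Path, rel: str, text: str) -> Path:
    """Mediated write: the only path by which scenario state is changed.

    Checks the caller's authority, restricts writes to Markdown scenario files,
    and confines the target path to the project folder before writing.
    """
    check_tool(component, "write_state")
    if Path(rel).suffix != ".md":
        raise AuthorizationError("only Markdown scenario files may be written")
    target = confine(project_root, rel)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(text, encoding="utf-8")
    return target


def attempt(component: str, project_root: Path, rel: str, text: str) -> str:
    """Return a short outcome string instead of raising, for reporting."""
    try:
        write_state(component, project_root, rel, text)
        return "written"
    except AuthorizationError as exc:
        return f"denied: {exc}"


def demo() -> dict:
    """Run the four cases the finding cares about against a throwaway project folder."""
    root = Path(tempfile.mkdtemp())
    return {
        "writer_ok": attempt("state_writer", root, "characters/alice.md", "# Alice\n"),
        "scheduler_write": attempt("scheduler", root, "characters/alice.md", "# Alice\n"),
        "path_escape": attempt("state_writer", root, "../outside.md", "leak"),
        "non_markdown": attempt("state_writer", root, "history/log.txt", "x"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The point of routing everything through `write_state` is that the authorization decision lives in one place: if a later workflow step tells the scheduler to "update world state", the call is refused rather than silently honoured, and the contradiction the finding describes surfaces as an error instead of an unaudited write.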

Vague Triggers

Medium severity
91% confidence
Finding
The natural-language triggers map generic phrases such as '暂停' (pause), '继续' (continue), and '看看状态' (check status) directly to control commands. Overly broad matching can cause accidental command execution during ordinary conversation, enabling unintended state changes, simulation control actions, or event injections without clear user confirmation.

Vague Triggers

Medium severity
87% confidence
Finding
The initialization trigger is described too broadly, as natural language such as '创建一个场景' (create a scenario), which overlaps with normal discussion rather than signalling an intentional operational request. This ambiguity can cause the skill to create or reset scenario state unexpectedly when the user is only brainstorming or describing ideas.
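The two Vague Triggers findings describe the same failure mode, so one added example serves both. It is not code from the skill: the phrase table reproduces the loose mapping the findings describe, the command set follows the slash commands the overview recommends, and the `pause`/`resume`/`status` names and the confirmation flag are assumptions made here. The broad matcher fires on ordinary conversation; the strict dispatcher accepts only an explicit slash command at the start of a message and refuses destructive commands unless the user has confirmed them.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Control actions: start/set/inject/remove/reset come from the overview;
# pause/resume/status are assumed names for the pause/continue/status triggers.
COMMANDS = {"start", "set", "inject", "remove", "reset", "pause", "resume", "status"}
DESTRUCTIVE = {"reset", "remove"}  # assumption: these discard scenario state

# Constructed phrase table reproducing the vague mapping the findings describe:
# any occurrence of a phrase, anywhere in the message, fires a control command.
BROAD_TRIGGERS = {
    "暂停": "pause", "pause": "pause",
    "继续": "resume", "continue": "resume",
    "看看状态": "status", "status": "status",
    "创建一个场景": "start", "create a scenario": "start",
    "reset": "reset",
}


def broad_dispatch(message: str) -> Optional[str]:
    """Vulnerable form: substring match anywhere in free text, no confirmation."""
    low = message.lower()
    for phrase, cmd in BROAD_TRIGGERS.items():
        if phrase in low:
            return cmd
    return None


@dataclass
class Dispatch:
    command: Optional[str]      # command to run, or None if nothing should run
    needs_confirmation: bool    # True when a destructive command awaits user confirmation
    reason: str


# A command is a leading slash, a word, and optional arguments; nothing else.
SLASH_RE = re.compile(r"^/(\w+)(?:\s+(.*))?$", re.S)


def strict_dispatch(message: str, confirmed: bool = False) -> Dispatch:
    """Hardened form: only an explicit slash command counts as a control action.

    Ordinary prose, including prose that happens to contain 'continue' or
    '创建一个场景', is left to the conversation. Destructive commands run only
    when the caller passes confirmed=True after asking the user.
    """
    m = SLASH_RE.match(message.strip())
    if not m:
        return Dispatch(None, False, "no explicit slash command; treated as conversation")
    cmd = m.group(1).lower()
    if cmd not in COMMANDS:
        return Dispatch(None, False, f"unknown command /{cmd}")
    if cmd in DESTRUCTIVE and not confirmed:
        return Dispatch(None, True, f"/{cmd} is destructive; confirmation required")
    return Dispatch(cmd, False, "ok")


if __name__ == "__main__":
    brainstorm = "Maybe we should reset the mood and continue with a calmer scene"
    print("broad:", broad_dispatch(brainstorm))            # fires a command mid-conversation
    print("strict:", strict_dispatch(brainstorm).command)  # None
    print("strict:", strict_dispatch("/reset"))            # confirmation required
```

The broad matcher returns a command for a sentence that is plainly brainstorming, which is exactly the accidental execution the findings warn about; the strict dispatcher returns nothing for the same sentence and turns `/reset` into a confirmation prompt rather than an immediate wipe of scenario state.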

VirusTotal

0 of 65 vendors flagged this skill; all 65 reported it clean.
