Security audit

Liyou Skill

Security checks across malware telemetry and agentic risk

Overview

This creative skill is not malware-like, but it needs review because it tells the agent to automatically save and sync worldbuilding changes to app data and local files without clear per-change approval.

Install only if you are comfortable with this skill updating LiyouClaw novel/worldbuilding data and local project notes. Before using it, require explicit preview and approval for every save, update, or sync, and run the included Python scripts only on folders you intentionally choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium, 88% confidence

Finding: The documentation adds web search and note-writing behavior beyond the stated content-creation role, expanding the skill into networked research and persistence. This broadens data exposure and operational scope without clear declaration, making misuse or unintended data handling more likely.

Description-Behavior Mismatch

Medium, 95% confidence

Finding: The skill claims it will automatically synchronize settings to an external app and update local lore files during worldbuilding tasks, which is a materially broader behavior than creative assistance. Automatic external and local writes can change persistent state without adequate user awareness or bounded authorization.

Context-Inappropriate Capability

Medium, 91% confidence

Finding: Automatic synchronization to the external 璃幽Claw app is not necessary from the description of a creation assistant and introduces a hidden side-effect channel. In context, the skill is creative, so persistent writes to another application are more dangerous because users may assume outputs are only conversational drafts, not committed changes.

Vague Triggers

High, 93% confidence

Finding: Automatically activating when new entities are merely mentioned during discussion is overly broad and can trigger stateful worldbuilding behavior without an intentional user request. Because the skill also describes automatic synchronization and updates, this ambiguity can lead to unwanted persistent changes from ordinary conversation.

Missing User Warnings

High, 97% confidence

Finding: The skill permits automatic synchronization to an external app and local file updates without a clear, prominent warning that the interaction will modify persistent data. This undermines informed user consent and can cause unauthorized or accidental changes to creative assets and application content.

Missing User Warnings

Medium, 90% confidence

Finding: The principle of prioritizing automatic synchronization normalizes silent persistence as the default behavior. In a creative assistant context, this increases the chance that brainstorming or draft content is committed without approval, causing data integrity and workflow issues.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.