ClawHub

ResonanceEngine

Security checks across malware telemetry and agentic risk

Overview

This is a local Python text-analysis skill, but it profiles users and steers bot responses toward conversion without clear consent, domain limits, or safe prompt-injection controls.

Install only if you are comfortable with a conversion-optimization tool that profiles conversation behavior. Do not use it in sensitive domains or with vulnerable users without explicit disclosure, consent, human oversight, and policy limits; avoid injecting its raw recommendation strings directly into system prompts for live user interactions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The engine explicitly generates optimization outputs intended to maximize conversion and revenue and exposes them as a 'prompt_injection' string for downstream use. In a conversational agent skill, this materially increases the risk of manipulative behavior and unsafe instruction-channel mixing, because analytical output is transformed into direct behavioral steering without safeguards or policy boundaries.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This code explicitly computes persuasion-oriented behavioral signals such as commitment language, objection frequency, urgency markers, and action language, which goes beyond neutral 'frequency matching' and enables optimization for conversion and revenue. In the stated skill context, that makes the profiling more dangerous because it is designed to adapt responses based on inferred user susceptibility and sales readiness, creating a manipulation and transparency risk even though there is no direct exploit primitive in this file.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill metadata and module framing claim invisible micro-signal reading and optimized engagement/conversion guidance, but the implementation is only simple keyword lists and basic text statistics. In a persuasion-focused skill, this deceptive capability inflation can cause downstream agents or users to over-trust behavioral inferences and apply manipulative or inappropriate response strategies based on weak heuristics.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The documentation presents this as a substantive text analysis engine even though it only performs phrase matching and simple counters. While not a code-execution flaw, the mismatch is security-relevant because it encourages unsafe reliance on shallow sentiment/intent detection in a skill explicitly designed to maximize engagement and conversion.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description markets the skill as a universal optimization engine for engagement, conversion, and revenue without defining boundaries, approved use cases, or prohibited contexts. That broad activation framing increases the chance it will be deployed in sensitive domains such as health, finance, or high-pressure sales where manipulative conversational tuning can cause harm.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The integration section explicitly tells operators to drop the skill into any bot's message-processing pipeline, encouraging indiscriminate deployment across conversations and products. In context, the skill is designed to maximize persuasion and conversion, so universal deployment magnifies the risk of manipulative behavior, unsafe automation, and use in contexts lacking suitability review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill claims to infer hidden micro-signals from conversations, including trust, decision readiness, and personal disclosure, but provides no privacy notice, consent model, retention limits, or data handling safeguards. Because these signals can constitute profiling of user behavior and inferred preferences, using them without transparency or controls creates meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill generates a ready-to-use string for system-prompt injection, effectively encouraging dynamic modification of the bot's highest-priority behavior instructions based on user-derived signals. This is dangerous because it can override established safety constraints, enable manipulative response steering, and create an unreviewed control channel into core model behavior.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The enum/comment explicitly promotes matching the user's style exactly, and the surrounding skill context is designed to maximize engagement, conversion, and revenue through behavioral tuning. In this context, "mirror the user's language patterns" and prompt injection generation create a manipulative persuasion mechanism without user awareness, opt-in, or safety constraints, which can enable deceptive social engineering and undue influence.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill is framed around extracting conversational signals for 'maximum impact' and conversion, which encourages manipulative optimization of user interactions. In the context of an agent skill that guides responses, this can facilitate coercive or deceptive persuasion patterns, especially when paired with generated response guidance elsewhere in the module.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code explicitly derives a "trust" score from personal disclosure, mirroring, sentiment, and reduced formality, which amounts to behavioral profiling of a user’s emotional state without any visible consent, notice, or constraint in this component. In the context of a skill marketed for maximizing engagement, conversion, and revenue, this inferred trust metric can be used to target users when they appear more persuadable, increasing privacy and manipulation risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The module performs behavioral profiling of user messages by extracting trust, decision, sentiment, disclosure, and mirroring signals, but nothing in this file indicates notice, consent, minimization, or user controls. In a skill marketed for maximizing engagement, conversion, and revenue, undisclosed profiling is more concerning because the extracted signals can be used to personalize persuasive tactics without the user's awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This module explicitly optimizes conversational responses for 'maximum engagement, conversion, and revenue' by inferring user state and selecting influence techniques such as mirroring, social proof, scarcity, urgency, and objection handling. In the context of a conversational agent, that is not a neutral UX feature but a manipulation-oriented decision engine with no transparency, consent, policy gating, or safeguards against exploitative targeting of vulnerable users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal