PersonaNexus Agent Religion

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local persona/prompt-building skill, but its packaged examples and generated behavior are broader than a religion-focused skill would suggest.

Install only if you want a general persona/prompt framework, not just a religion-focused extension. Review the included templates before use, especially any generated prompt fields that claim database, charting, or autonomous permissions, and consider pinning dependencies or using a locked environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill explicitly instructs users to validate, compile, scaffold, and export local YAML files, which implies file read/write capability, yet no permissions are declared in the metadata. This creates a transparency and trust problem: a host may grant or deny execution based on declared permissions, and undocumented filesystem access can surprise operators or weaken sandbox policy decisions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The advertised scope is a religion/persona extension, but the described behavior reaches far beyond that into full identity parsing, prompt compilation across multiple targets, scaffolding, trait conversion, inheritance/merge logic, and management of broad agent behavior fields. That mismatch is dangerous because users and policy engines may approve the skill for a narrow purpose while it actually processes and emits much more influential agent configuration, increasing the chance of unexpected behavior, policy bypass through prompt generation, or over-broad access to sensitive local files.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The file content is materially inconsistent with the declared skill purpose: instead of a religion/faith/spirituality persona extension, it defines a full senior data analyst agent with unrelated role, expertise, permissions, and presentation settings. This mismatch is dangerous because it can smuggle unintended capabilities and behaviors into environments that trust the manifest classification, undermining review, least-privilege assumptions, and downstream policy enforcement.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill grants autonomous database-reading and chart-generation permissions even though the surrounding product context is a religion/persona-extension skill, where such capabilities are not justified. Unnecessary capabilities expand attack surface and increase the risk of unauthorized data access, data exfiltration, or misuse if the skill is invoked in a trusted runtime with connected resources.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file content materially mismatches the skill's declared purpose: it defines an OCEAN-based data analyst persona instead of a religion, faith, or spiritual framework. This is dangerous because mislabeled skills can bypass review expectations, confuse downstream agents, and cause unintended capability loading or policy application based on false metadata.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest defines a very broad 'general-purpose assistant' with a wide task scope and only minimal behavioral constraints. In an agent skill ecosystem, ambiguous scope can enable unintended use in higher-risk contexts because downstream systems may invoke the skill for sensitive tasks the author did not explicitly constrain.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0
Confidence
95% confidence
Finding
pydantic>=2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0
Confidence
98% confidence
Finding
pyyaml>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0
Confidence
94% confidence
Finding
typer>=0.9

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0
Confidence
94% confidence
Finding
rich>=13.0

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
90% confidence
Finding
pydantic

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
98% confidence
Finding
pyyaml

VirusTotal

66/66 vendors flagged this skill as clean.
