PersonaNexus ClawHub Skill

Security checks across malware telemetry and agentic risk

Overview

PersonaNexus is a local, user-directed tool for defining and compiling agent personality files, with some broad template fields users should review before deployment.

Install from a trusted Python package source and consider using pinned dependency versions in production. Review identity YAML and generated prompts before deploying them, especially template fields involving permissions, memory, connected databases, voice providers, and runtime evolution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The file implements a fully operational agent specification rather than a narrow personality-construction artifact consistent with the skill's stated purpose. This expands the trusted attack surface by bundling role, permissions, memory, presentation, evaluation, and runtime behavior into a template that may later be compiled into high-privilege system prompts or agent configs without appropriate review.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The template includes operational capabilities unrelated to personality construction, including autonomous actions, connected database access, long-term memory, third-party voice integration, and runtime evolution controls. In this skill context, those fields can silently grant or normalize privileged behavior if downstream systems ingest the YAML as executable agent configuration.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0
Confidence: 93%
Finding: pydantic>=2.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0
Confidence: 94%
Finding: pyyaml>=6.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0
Confidence: 90%
Finding: typer>=0.9

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0
Confidence: 89%
Finding: rich>=13.0

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

Severity: High
Category: Supply Chain
Confidence: 87%
Finding: pydantic

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Severity: Critical
Category: Supply Chain
Confidence: 98%
Finding: pyyaml

VirusTotal

66/66 vendors flagged this skill as clean.
