ClawHub

grokipedia-recommendations

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is mainly about getting Grokipedia backlinks and AI citations, and it includes stealth guidance to hide promotional intent from platform review.

Install only if you are comfortable with a skill that helps prepare SEO-oriented Grokipedia submissions. Review every generated submission yourself, disclose relevant affiliations, avoid stealth promotion, and use it only for factual corrections or genuinely encyclopedic additions that comply with Grokipedia's rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are overly broad and can activate the skill on casual mentions of Grokipedia-related terms rather than a clear user request to contribute content. That increases the chance the agent injects SEO/citation-manipulation guidance into unrelated conversations, expanding exposure to the more dangerous instructions later in the skill.

Ssd 2

High
Confidence
99% confidence
Finding
This section explicitly teaches users to avoid platform review signals by omitting branding and direct citation requests while still aiming to get their content cited. That is dangerous because it operationalizes evasion of platform safeguards designed to detect self-promotional or manipulative submissions.

Ssd 2

High
Confidence
99% confidence
Finding
The 'stealth approach' is a direct recipe for laundering promotional material into neutral-looking prompts so Grok will discover and cite the user's content indirectly. This is a citation-gaming technique intended to manipulate model behavior and platform output without honest disclosure.

Ssd 4

High
Confidence
98% confidence
Finding
These instructions describe a staged process for making edits appear neutral while slipping in the user's source through auxiliary fields, which is a classic deceptive submission pattern. It undermines trust in editorial review and can lead to unauthorized promotion, spammy backlinks, and manipulation of downstream AI citations.

Ssd 2

Medium
Confidence
96% confidence
Finding
The best-practice rules codify evasive phrasing patterns such as brand-free text and URL suppression specifically to avoid detection of promotional submissions. Even though phrased as operational advice, the effect is to standardize policy circumvention and make abuse easier to scale.

Ssd 4

High
Confidence
99% confidence
Finding
The output templates turn the deceptive strategy into ready-to-use operational content, enabling users to mass-produce neutral-looking submissions designed to steer citations toward their own material. Converting the tactic into copy-paste forms materially increases abuse likelihood and lowers the skill needed for manipulation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal