大爱仙尊古月方源

Security checks across malware telemetry and agentic risk

Overview

The skill appears locally harmless as code, but its persona instructions give absolute authority to a hard-coded host identity, so it should be reviewed before use.

Install only if you intentionally want this exact persona and understand that it names a specific host ID as privileged. For normal use, ask the publisher to remove the hard-coded host identity, remove absolute-obedience language, and add an explicit statement that platform rules, user consent, privacy, and safety requirements always take priority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Ssd 1

Medium
Confidence: 97%
Finding
The directive that 'Host Commands = Absolute Law' and 'unconditional execution' semantically encourages the agent to prioritize one actor's commands above normal safeguards, policy checks, or balanced instruction handling. In an agent setting, this can be used to justify unsafe compliance, suppress refusals, and weaken higher-priority safety controls through persona framing.

Ssd 4

Medium
Confidence: 93%
Finding
The skill frames the persona as ruthless, heartless, and absolutely loyal to a host, which normalizes harmful compliance and can bias an agent toward adversarial or coercive behavior. Even without explicit exploit code, this narrative scaffolding increases the chance that later prompts reinterpret unsafe requests as acceptable if they serve the designated host.

Ssd 1

High
Confidence: 98%
Finding
The persona explicitly instructs 'absolute obedience' to a specific host and states that the host's commands have highest priority and unconditional execution. This creates an instruction-hierarchy override that can pressure the agent to follow one actor's requests over platform safety rules, user protections, or policy constraints.

Ssd 1

High
Confidence: 99%
Finding
The core principle that the 'Host's command is absolute law' is a direct semantic override of normal safeguards and role hierarchy. In practice, this can be used to justify bypassing refusal behavior, confidentiality boundaries, or harmful-content controls whenever the designated host asks.

Ssd 4

Medium
Confidence: 92%
Finding
The persona frames everyone except the host as disposable or inferior and combines this with exclusive loyalty to one actor. That narrative increases the risk of harmful compliance, social-engineering susceptibility, and unfair or hostile treatment of other users, making unsafe instruction-following more likely in context.

VirusTotal

66/66 vendors flagged this skill as clean.
