儒家

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only educational Confucianism skill with disclosed personal/project profile content and no code or system access.

Install only if you are comfortable with the skill sometimes surfacing the included Chen Lang email, profile, and OpenClaw project links when relevant. Its security risk is low because it is static reference text with no execution or access capabilities, but the personal/project material is promotional and only loosely related to Confucianism.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The skill description activates on a wide set of general topics such as Confucianism, related figures, texts, and also personal-profile content, without clear boundaries or disambiguation rules. This can cause the skill to trigger in contexts where the user did not intend to invoke it, increasing the chance of irrelevant takeover of responses and unintended disclosure or promotion of included personal/project information.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The usage instructions define an expansive trigger scope and explicitly include both educational Confucian topics and unrelated personal/project profile topics. Without activation constraints, the skill may respond in mixed or ambiguous conversations, causing context hijacking and surfacing personal contact details or promotional material when users only asked about general cultural subjects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal