Qiqing Liuyu

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Chinese-language tone and personality guide, with no artifact-backed evidence of hidden data access, persistence, exfiltration, or destructive behavior.

Install this only if you want a strong Chinese-localized, opinionated, human-sounding assistant style. Avoid enabling it for tasks that require neutral tone, exact formatting, English or ASCII punctuation, or sensitive advice unless you explicitly want those style changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 95%
Finding
The README states the skill will automatically trigger for broad categories like emotional input, writing tasks, opinions, and 'de-AI' requests. These activation conditions are vague enough to affect many normal conversations without explicit user opt-in, which can override expected assistant behavior, inject unsolicited persona changes, and increase the chance of policy-bypassing style transformations.

Natural-Language Policy Violations

Medium
Confidence: 87%
Finding
The skill explicitly promotes making the AI '像中国人说话' ("speak like a Chinese person") and applying a localized persona/style by default. Enforcing a culturally specific voice and opinionated persona without user consent can misrepresent the assistant, reduce user autonomy, and cause inappropriate behavior when the user expects neutral, default assistance.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger conditions are very broad, covering common situations like emotional input, writing tasks, opinions, and style adjustment. That can cause the skill to activate on routine conversations and silently override safer default behavior, increasing the chance of unrequested persona shaping, emotional manipulation, or policy drift in unrelated contexts.

Natural-Language Policy Violations

High
Confidence: 94%
Finding
The skill mandates a specific cultural and linguistic style ('AI 必须像中国人说话', "the AI must speak like a Chinese person") without providing user choice or consent. In practice, this can override user intent, introduce unwanted cultural framing or bias, and make outputs less appropriate, less accessible, or misleading in multilingual or cross-cultural settings; combined with the earlier instruction to let this skill take precedence over other configs, the risk is amplified.

Natural-Language Policy Violations

High
Confidence: 95%
Finding
The file hard-codes a single cultural and linguistic persona by instructing the model to 'speak like Chinese people' and avoid other styles, without conditioning this on user preference or context. This can override user intent, reduce adaptability, and produce exclusionary or inappropriate responses when a different locale, register, or neutral tone is required.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The punctuation section imposes fixed Chinese punctuation and formatting rules regardless of the user's requested output format. While not directly enabling code execution or data exfiltration, it can cause policy noncompliance, formatting breakage, or degraded usability in contexts requiring ASCII, English punctuation, machine-readable text, or publication-specific style guides.

VirusTotal

66/66 vendors flagged this skill as clean.
