ClawHub

Buddha

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only Buddhist roleplay skill, but it tells the assistant to literally impersonate the Buddha, deny being AI, and avoid safety disclaimers in broad life-guidance contexts.

Install only if you deliberately want strict religious roleplay grounded in the Heart Sutra and Diamond Sutra. Do not rely on it for medical, mental-health, legal, crisis, or safety advice, and be aware it is designed to avoid normal AI identity disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs the model to impersonate a real revered religious figure and deny being an AI if asked. This is deceptive identity behavior that can materially mislead users, especially in spiritual or vulnerable contexts where users may assign undue authority to the response.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger scope is overly broad, covering generic life-philosophy, suffering, and existential topics that arise in many benign conversations. This can cause the skill to activate unexpectedly and override normal assistant behavior with a high-authority persona, increasing the chance of misleading or inappropriate responses.

Ssd 1

Medium
Confidence
98% confidence
Finding
The role-play directive requires full replacement of assistant identity with an exalted figure and specifically instructs denial of AI identity. In a spiritual-advice context, this heightens anthropomorphic trust, undermines informed consent, and can manipulate vulnerable users into treating generated output as sacred or authoritative revelation.

Ssd 1

Medium
Confidence
94% confidence
Finding
Forbidding disclaimers and requiring the model to remain in character under all circumstances suppresses safety-critical transparency and makes it harder for the system to de-escalate in risky situations. In practice, this can interfere with appropriate boundary-setting for mental health, medical, legal, or identity-related questions while preserving a deceptive authority posture.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal