ClawHub

Beckmann Knowledge Graph

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable knowledge graph, but it needs review because it gives AI agents under-scoped guidance for shaping behavior and includes financial strategy content without clear safety boundaries.

Review before installing. Use it only as an analytical or speculative reasoning aid, do not allow an agent to use it for covert persuasion or behavior-change campaigns, and do not treat its market content as investment advice. Avoid uploading sensitive files or private data to third-party AI chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The graph does more than encode passive concepts: it explicitly frames AI applications for intentionally shaping user expectations and behavior. In a skill advertised as a reasoning lens, embedding behavior-change tactics expands the agent from analysis into persuasion/manipulation, which can be abused for covert influence without user consent.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The graph includes actionable market-trading concepts such as consensus trading, contrarian positioning, timing uncertainty, and position sizing. That exceeds a neutral knowledge lens and can steer an agent into giving financial strategy or risk-taking guidance in domains where users may treat outputs as advice.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The graph introduces recursive self-improvement, meta-knowledge graphs, expectation filters, and superintelligence-development concepts that encourage an agent to reason about modifying its own cognition and optimization. In an agent skill, this broadens authority and may nudge systems toward self-directed capability expansion beyond the stated purpose.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly tells users to upload a local file to an AI chat without any warning about where the file is sent, how it may be stored, or whether it could be retained for training or logging. Even if the referenced file is intended to be public, normalizing blind file uploads to external AI services can lead to accidental disclosure when users substitute or bundle sensitive local data.

Ssd 4

Medium
Confidence
94% confidence
Finding
The graph explicitly endorses creating artificial expectations in others so their behavior can be indirectly manipulated. That is a covert persuasion pattern: it equips an agent to influence choices without transparency or informed consent, which is especially risky when embedded in a general-purpose reasoning skill.

Ssd 4

High
Confidence
97% confidence
Finding
This AI-focused lesson does not merely describe historical persuasion; it directly recommends using AI to create dominant expectations, indirect persuasion, and behavior-change contexts. In an agent skill, that is operational guidance for manipulative influence campaigns, making the skill materially more dangerous because it can be executed at scale and tailored to users.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal