ClawHub

佛学导师 (The Buddhist Mentor )

Security checks across malware telemetry and agentic risk

Overview

This Buddhist mentoring skill contains only guidance text, but it tells the agent to save personal learning and life-turning-point memories without clear consent or deletion controls.

Install only if you are comfortable with the agent remembering Buddhist study progress and personal reflection points across sessions. Avoid sharing sensitive medical, mental-health, relationship, political, or intimate details unless your agent gives you clear memory review and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The protocol explicitly instructs the system to mark and store user-specific 'important concepts' and 'personal turning points' for future proactive recall, but provides no consent, notice, retention limit, or sensitivity filter. This creates a privacy risk because personal or sensitive information may be retained and resurfaced later in ways the user did not expect, and could be exposed across sessions, logs, or other memory consumers.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill strongly defines the assistant persona and operating language in Chinese without offering a user language preference or fallback. This can degrade usability, informed consent, and safety because users may misunderstand guidance or be unable to verify what the agent is telling them, especially in a mentorship-style skill that gives structured advice.

Ssd 3

Medium
Confidence
97% confidence
Finding
Storing 'user personal turning points' and other important concepts in memory for later recall creates a natural-language data retention risk, especially because such turning points can include highly sensitive personal, medical, emotional, or ideological information. In this skill's context, the danger is increased because the system is designed to proactively recall stored memories, which raises the chance of unintended disclosure or intrusive resurfacing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal