ClawHub

Humans Fragility Profiler

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does not run code, but it broadly directs psychological profiling and persuasion-oriented messaging without clear opt-in limits.

Install only if you intend to use it for explicit, user-directed communication analysis. Avoid hidden profiling of identifiable people, protected-class targeting, exploiting emotional weaknesses, or using its recommendations for automated persuasion without human review and consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is written to apply broadly to 'any audience, user, or conversation' without meaningful trigger boundaries or narrow use conditions. In a behavioral-analysis skill, that broad scope increases the chance of indiscriminate psychological profiling and use in contexts where users have not consented, making misuse easier even if the stated purpose is framed as ethical.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly performs psychological and resistance profiling, inferring trust deficits, emotional barriers, and forms of 'fragility,' yet it does not require a user-facing disclosure or consent mechanism. Because this is sensitive behavioral analysis, the lack of transparency can enable covert manipulation, unfair labeling, and collection of inferred psychological traits beyond what users reasonably expect.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger set is broad and semantically vague, with phrases like 'human psychology', 'trust deficit', and 'objection analysis' likely to match many unrelated user requests. This can cause unintended invocation of a skill focused on psychological profiling, which is more sensitive than a generic utility skill because it may steer the agent into analyzing user emotions, resistance, or trust state without clear user intent.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal