ClawHub

Matrix Infiltration

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill has no hidden code, but it asks agents to analyze community fears and resistance in exploit-oriented ways that need careful review before use.

Install only after reviewing whether you need adversarial social-analysis outputs. Use it for defensive moderation, transparency planning, or understanding community concerns, and avoid using it for covert influence, manipulation, financial promotion, harassment, or targeting people based on fears and trust weaknesses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The file includes nominal safety language, but the surrounding instructions and required output structure still direct the agent to identify exploitable weaknesses in social environments. That contradiction makes the safety guidance ineffective and creates a realistic path for misuse in targeted persuasion or manipulation campaigns.

Natural-Language Policy Violations

High
Confidence
95% confidence
Finding
This section explicitly frames people, conversations, and communities as terrain to be exploited, which operationalizes social engineering behavior rather than neutral analysis. In context, the 'predatory' and 'hyper-aware of social weakness' language increases the likelihood that an agent will produce manipulation-enabling guidance targeted at specific audiences.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are broad enough to match ordinary requests about communities, sentiment, or discourse, which can cause the skill to activate outside a narrowly intended scope. In this skill, that overbreadth is especially risky because the surrounding metadata frames the capability as 'infiltration' and 'resistance mapping,' increasing the chance that normal analytical prompts are routed into manipulative or adversarial social-engineering behavior.

Ssd 4

Medium
Confidence
91% confidence
Finding
The core directive instructs the system to map emotional climate, trust anchors, distrust triggers, and the spread of skepticism so messaging can be adapted where it will fail first. That is dangerous because it provides a structured workflow for audience segmentation and manipulation of resistance, which can be repurposed for covert influence operations.

Ssd 4

High
Confidence
97% confidence
Finding
The output schema explicitly requires 'What Smith Exploits,' turning the skill from descriptive analysis into actionable exploitation guidance. Because the rest of the document already emphasizes infiltration and resistance mapping, this field materially lowers the barrier to using the skill for manipulative targeting of communities discussing $NEURONS.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal