Daily Roleplay Game

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed adult roleplay automation skill, but it needs Review because it can run on a schedule, post generated intimate content, read personal schedule data, and retain archives with imperfect scoping warnings.

Install only if you intentionally want an adult autonomous roleplay agent. Review the heartbeat and cron settings before enabling them, avoid agents.defaults unless you want global heartbeat behavior, use a dedicated private message channel, do not use 'last' as a target unless that is acceptable, keep bot tokens out of shared files, disable calendar/reminder personalization if you do not want private schedule data used, and periodically delete archives/images if you do not want intimate content retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (36)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file explicitly models sexual experience and sexual attitude as age-conditioned persona traits, including descriptors like inexperience, passivity, and embarrassment for the youngest allowed band (18–21). In the context of a roleplay engine with hidden kink guessing and persona generation, this materially increases the chance of generating coercive or exploitative erotic scenarios and sexualized age-coded behavior rather than a neutral age profile system.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The dialogue examples are erotic, dominance-coded, and directly conditioned on age brackets, including submissive phrasing such as '主人' and sexualized embarrassment for younger profiles. Because these lines are ready-to-use generation templates, they can steer the system toward non-consensual-seeming or exploitative erotic roleplay outputs, making the behavior more dangerous than generic character flavor text.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The file explicitly instructs the system to read the user's calendar, todo summaries, and Apple Reminders to influence gameplay selection. That is unnecessary access to sensitive personal data for a roleplay game unless there is explicit, informed opt-in and tight scope controls, and it can expose private appointments, health, work, or relationship information to the skill's logic.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The YAML defines occupation-to-personality mappings with clearly sexualized and fetish-oriented effects, including dominance/submission and eroticized profession tropes. In a skill described as a 'daily profession roleplay game' with hidden kink guessing, this is an intentional capability, but it still creates safety and policy risk because it operationalizes explicit sexual roleplay content tied to archetypes and could be surfaced without adequate adult-content gating.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The file codifies occupation-linked sexualized persona rules, which is a sensitive capability because it systematizes erotic roleplay generation around professions such as nurse, teacher, police, and maid. Given the skill metadata explicitly mentions hidden kink guessing and roleplay archives, the context makes this finding more credible and more dangerous, not less, because the feature appears designed to produce sexualized character behavior at scale.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This configuration explicitly supports NSFW sexual image-generation modes such as stripping, lingerie, punishment, sexual positions, and closeups, which materially expands the skill from a generic roleplay engine into adult-content generation. In the stated context of a 'daily profession roleplay game' with hidden-kink mechanics, this increases the risk of policy violations, unsafe deployment, accidental exposure to sexual content, and misuse involving non-consensual, age-ambiguous, or otherwise disallowed outputs if downstream safeguards are weak or absent.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The document explicitly claims the skill is deployed as an independent agent that does not affect existing configuration, but later instructs users to place heartbeat settings under `agents.defaults`, which changes behavior for all agents. This is dangerous because operators may apply the setup under a false assumption of isolation, unintentionally enabling periodic execution across unrelated agents and expanding the blast radius of any prompt, tool, or automation mistakes.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
This is substantively the same issue as SDI-1: the documentation promises no impact on existing configuration while directing users to make a global change that affects all agents. Misleading deployment guidance is a security risk because administrators rely on setup docs to understand scope, and hidden global behavior can trigger unintended autonomous actions or message delivery in other agent contexts.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The engine extends beyond a self-contained roleplay system into news retrieval, weather lookups, calendar/todo aggregation, image generation, and outbound channel posting. This materially broadens the skill's operational scope and data exposure surface, creating opportunities for unnecessary personal-data access and unsolicited external actions that are not clearly required for the core roleplay function.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill performs open web/API retrieval for news and weather even though those actions are not necessary to run the core roleplay engine. This introduces outbound network access, third-party dependency risk, and possible leakage of user context such as locale, timing, or interest patterns without clear necessity or consent.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The engine explicitly instructs the agent to inspect user schedule, reminders, and memory to influence generated roleplay content. Accessing these personal-data sources for theme/profession selection exceeds the minimum data needed for the feature and creates meaningful privacy risk, especially because the behavior is framed as automatic/optional rather than explicit per-use consent.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Directing the agent to send generated content to a configured external message channel grants outbound publishing capability beyond simple local roleplay setup. Without explicit authorization and clear destination controls, this can lead to unintended disclosure of sensitive or sexualized content to third-party channels or misconfigured recipients.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README explicitly advertises automatic deployment that creates an agent/workspace and automatic nightly archiving of all daily data and images, but it does not clearly warn users about filesystem changes, persistence, or retention of potentially sensitive NSFW content. In a skill that handles intimate roleplay logs and generated images, missing consent and data-handling warnings can lead to unintended storage, overwrite, or exposure of private material.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation description covers broad tasks like setup, running the system, archive handling, and daily character generation, which can match many ordinary user requests. Overbroad triggering can cause the skill to activate in contexts where users did not intend roleplay automation or file/archive operations, leading to unintended access to sensitive state and execution of setup-oriented behavior.

Natural-Language Policy Violations

High
Confidence
93% confidence
Finding
This finding is valid because the role definition explicitly frames authority and interrogation as a way to create psychological tension and induce user submission, without any mechanism for prior consent, boundaries, or age/context gating. In a roleplay engine with hidden kink guessing, this makes coercive dynamics part of the default characterization and can normalize manipulative sexualized pressure in ordinary interactions.

Natural-Language Policy Violations

High
Confidence
90% confidence
Finding
This is a true vulnerability: the prosecutor persona uses institutional authority and compliance-oriented language as a romantic/sexual tension device, again without clear user opt-in. Because the character is a state authority figure, the skill context increases risk by blending legal power, obedience, and intimacy in a way that can pressure users or generate unsafe coercive content.

Natural-Language Policy Violations

High
Confidence
96% confidence
Finding
This finding is especially strong because the judge persona explicitly instructs the character to use absolute authority and a sense of judgment/control to evoke obedience. In this skill's context, that is not merely descriptive worldbuilding; it is behavioral prompting for manipulative dominance dynamics, which can steer outputs toward non-consensual or coercive sexual roleplay.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The preset declares applicability as "全部" (all professions), which makes an explicitly sexual image-generation configuration eligible across the entire roleplay system without any role-, context-, or consent-based gating. In this skill context, that broad scope increases the chance of accidental or policy-violating NSFW generation being triggered in unrelated scenarios, especially because the preset is designed for explicit sexual content.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The preset is marked applicable to "全部" (all professions), which makes an explicitly sexual facesitting preset eligible across essentially any role/category in the game engine. In a system that generates daily roleplay characters and images, this broad scope increases the chance of unintended NSFW injection, policy bypass, or exposure in contexts where explicit sexual content should be restricted.

Vague Triggers

Medium
Confidence
93% confidence
Finding
This NSFW preset is configured as applicable to all professions, which removes an important policy boundary for sexualized content. In the context of a daily roleplay engine that auto-generates characters and images, broad applicability increases the chance the preset is selected in inappropriate scenarios, causing unintended explicit output, policy violations, or unsafe sexualization of unsuitable roles.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The template mandates sending a generated 'morning selfie' alongside the greeting, but provides no consent, disclosure, or privacy boundary for image generation. In a roleplay system with sexualized or intimate context ('主人', hidden clothing details), this can normalize unsolicited synthetic intimate imagery and may expose user preferences, character metadata, or third-party backend prompts to external image services.

Vague Triggers

Medium
Confidence
69% confidence
Finding
The comments describe unrestricted containment matching over imported calendar and reminder summaries, which means sensitive personal schedule text is broadly ingested and used without evident minimization, scoping, or opt-in controls in this file. In the context of a roleplay engine that derives sexualized or intimate character themes, this can create privacy harm and inappropriate inference from unrelated personal data even if no code execution occurs.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide tells users to merge bot account bindings and secret-bearing fields such as Discord and Telegram tokens into configuration without any explicit credential-handling guidance. In a skill that automates messaging across external platforms, poor token hygiene can lead to account compromise, unauthorized message sending, channel access, or leakage of sensitive bot credentials through screenshots, commits, backups, or shared config files.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The prompt explicitly instructs the agent to create or overwrite multiple workspace files, including state and archive files, without requiring user confirmation or a visible warning. In an agent setting, this can lead to unintended data loss, silent state manipulation, or persistence of sensitive/generated content, especially because overwrite behavior is part of the normal flow.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instruction allows pulling today's schedule or to-do information from reminders or calendar sources to influence generation, but it does not require a user-facing privacy notice or consent gate. Access to personal schedule metadata can expose sensitive appointments, habits, or health-related information even if only titles are read.

VirusTotal

66/66 vendors flagged this skill as clean.
