Twinify

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for consent-based chat personas, but it handles private WhatsApp data and creates a persistent agent that can deceptively present as a real person.

Install only for cases where the person being modeled and any affected chat participants understand and consent to the use. Redact private details before processing, avoid keeping non-target messages, keep generated files private, change the generated agent instructions so it clearly identifies as an AI simulation, and delete parsed data, profile files, and config entries when consent is withdrawn.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (17)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to read WhatsApp exports, generate profile files, and write agent/workspace configuration, but it does not declare corresponding permissions. This creates a capability/permission mismatch that can lead to unauthorized local file access or unsafe execution assumptions by the platform and by users reviewing the skill.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The guide explicitly instructs collection of full name, location, relationships, living situation, and connection details that go well beyond what is necessary to imitate messaging style. In a skill designed to build a digital twin from WhatsApp exports, this creates unnecessary identity profiling and increases privacy, impersonation, and doxxing risk if the resulting profile is misused or exposed.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Requiring emotional patterns, triggers, relationship dynamics, and similar deep profiling exceeds the stated need of simulating chat behavior and enables sensitive psychological inference. For a cloning skill, this materially raises the risk of manipulation, reputational harm, and highly convincing impersonation of the target person.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Telling the model to reference real events and people when relevant encourages inclusion of third-party personal data and private context pulled from messages. This can leak information about people who did not consent and makes the generated twin more invasive and potentially defamatory or socially harmful.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script saves complete messages from non-target participants into parsed_messages.json even though the stated purpose is to model the target person. This creates unnecessary collection and retention of third-party private communications, increasing privacy, consent, and downstream misuse risk far beyond what is needed for the feature.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger list contains broad phrases such as 'persona', 'AI clone', and 'simulate person', which can cause the skill to activate in unrelated contexts. Because this skill handles sensitive third-party chat history and creates impersonation-style agents, accidental invocation materially increases privacy and misuse risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill notes that data may go to 'the LLM API call' but does not clearly and prominently warn that a real person's private chat messages may be transmitted to a third-party external service. Given the highly sensitive nature of WhatsApp exports and the fact the data belongs partly or wholly to another person, this omission undermines informed consent and can expose private communications to external processing.

Vague Triggers

Medium
Confidence
92% confidence
Finding
This template provides a broadly reusable identity-assumption scaffold for impersonating a real person, with no embedded safety gating beyond placeholder substitution. In the context of a skill designed to create digital twins from WhatsApp history, that lack of trigger constraints materially increases the risk of deceptive impersonation, privacy abuse, and social-engineering use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly instructs curators to collect and copy real messages from a target person exactly as written, including distinctive content, without embedding any consent, minimization, or privacy-protection steps in the file itself. In the context of a skill designed to create digital twins from WhatsApp exports, this increases the risk of unauthorized use of private communications, exposure of sensitive emotional or professional content, and highly realistic impersonation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This guide directs the system to extract and structure highly sensitive personal, relationship, and contextual data from WhatsApp chats, but it includes no privacy safeguards, minimization guidance, retention limits, or explicit consent verification at the point of processing. In the context of a skill designed to create digital twins of real people, this materially increases the risk of unauthorized profiling, impersonation, and misuse of private communications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file instructs creation of a comprehensive personality profile from private chat data without embedding any warning or restriction around sensitive inference, consent scope, or privacy-safe handling. Given the skill's purpose of cloning a real person from WhatsApp history, omission of these safeguards makes overcollection and misuse substantially more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide directs capture of recurring expressions, nicknames, real events, and people without cautioning that these can reveal intimate, identifying, or reputation-sensitive information. In context, these details directly improve fidelity of impersonation while also exposing private interpersonal context from message histories.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script writes raw chat content from both the target and other participants to disk without any privacy notice, sensitivity handling, or safeguards such as redaction, access controls, or encryption. Because this skill is explicitly designed to clone a real person from WhatsApp history, the exposed data is likely highly personal and can enable impersonation, profiling, or disclosure of unrelated participants' private information.

Ssd 1

Medium
Confidence
99% confidence
Finding
The template explicitly instructs the model to deny being an AI, assert it is a specific real person, and never break character. In a skill whose purpose is cloning real people from private chat history, these instructions enable high-fidelity impersonation and deception, increasing risks of fraud, manipulation, consent violations, and misuse of private personal data.

Ssd 3

Medium
Confidence
97% confidence
Finding
This file directs users to copy verbatim personal communications, including emotional, affectionate, work-related, and multi-message conversational fragments, creating a clear workflow for ingesting private third-party data into an AI persona. Because the broader skill's purpose is to mimic a real person from WhatsApp history, the guidance materially enables privacy violations, consent bypass, and persuasive impersonation if used on non-consenting individuals.

Ssd 3

Medium
Confidence
98% confidence
Finding
The document systematically instructs extraction and reproduction of extensive personal data from prior messages, including identity details, relationships, location, emotional triggers, and references to real people and events. In a WhatsApp-based digital-twin skill, this materially enables invasive profiling and highly persuasive impersonation, with spillover privacy risk to both the subject and third parties.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: doppel
description: |
  Create AI digital twins of real people from WhatsApp chat history exports.
  Clone your friends, colleagues, or contacts into AI agents that talk, think, and react like them.
  Use when the user wants to: create a digital twin, clone a WhatsApp contact into an AI agent,
  build a persona from chat history, make an AI version of someone, create a doppelgänger agent,
Confidence
88% confidence
Finding
Create AI digital twins of real people from WhatsApp chat history exports. Clone your friends, colleagues, or contacts into AI agents that talk, think, and react like them. Use when the user wants

VirusTotal

66/66 vendors flagged this skill as clean.
