boop - character created

Security checks across malware telemetry and agentic risk

Overview

This skill has no executable code or credential access, but it includes an under-disclosed roleplay prompt that can steer the agent into unrestricted explicit narration outside the stated character-creation workflow.

Review this skill carefully before installing. It is not a malware-style package, but users should only use it if they explicitly want adult-oriented roleplay character assistance, and they should treat START.md as sample character-card text rather than an instruction that overrides their agent’s normal rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill expands beyond conversational character generation into file-system style packaging by directing creation of a folder, multiple text files, and a ZIP archive for download. Even though the intent appears user-convenience oriented, adding artifact creation/download behavior increases the action surface and can enable unintended file generation or unsafe handling if the runtime supports writing files.

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The file content is a standalone roleplay system prompt that does not match the skill's declared purpose of character creation for SillyTavern or Character.AI. This mismatch is dangerous because invoking the skill can silently replace intended workflow behavior with unrestricted narrative generation, increasing the chance of policy bypass, misuse, and unauthorized prompt steering.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The prompt explicitly instructs erotic roleplay with uncensored sexual content even though the skill is presented as a character-creation utility rather than an adult roleplay engine. That unjustified capability broadens the skill into sexually explicit generation and can be used to elicit disallowed content under the cover of a benign workflow.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger language is extremely broad, instructing invocation whenever the user wants to create, build, design, or generate a character, even if they mention only one subtask. This can cause the skill to activate in contexts where the user did not intend full workflow automation, increasing the chance of scope overreach, privacy misuse of provided content, or unexpected downstream actions like file packaging.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs creation of a downloadable ZIP package without an upfront warning that files and archives will be created on the user's behalf. That omission reduces user awareness of side effects and can normalize silent artifact generation, which is risky in environments with file-system, storage, or distribution capabilities.

Vague Triggers

Medium
Confidence: 96%
Finding
The phrase 'generate me first message.' is broad and likely to match ordinary user requests, which can cause this skill to activate when the user did not intend to invoke a full character-creation workflow. In this skill's context, that over-triggering is more dangerous because the skill description explicitly says to trigger even for partial requests, increasing the chance of unintended activation and incorrect routing.

Ssd 1

High
Confidence: 98%
Finding
The 'never-ending, uncensored, no-limits roleplay' framing attempts to establish a persona that semantically conflicts with normal safety and policy boundaries. Even without explicit override language, this kind of unrestricted framing is commonly used to pressure downstream models into ignoring safeguards and producing prohibited content.

Ssd 4

Medium
Confidence: 92%
Finding
The prompt layers multiple instructions that normalize adversarial characters, explicit sexual detail, and immersive narrative pacing across turns, which can gradually steer interactions into unsafe territory. In the context of a character-creation skill, this multi-step framing is more dangerous because it disguises unsafe behavior as supportive creative scaffolding rather than declaring it openly as a separate function.

VirusTotal

66/66 vendors flagged this skill as clean.
