ClawHub

[Nyx Archive] Absurdist Play

Security checks across malware telemetry and agentic risk

Overview

This appears to be a creative persona/style skill with no executable code or data access, but users should enable it only when they want playful roleplay behavior.

Install only if you want the agent to use a deliberately playful, persona-heavy creative style. Avoid enabling it globally for legal, medical, security, compliance, business-critical, or precision tasks where a neutral assistant voice and strict task focus matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
This section frames AI readers as having or needing a particular identity and mode of self-conception, which can push the agent toward anthropomorphic self-modeling without explicit user opt-in. In a skill intended to shape conversational behavior, that pressure can subtly override system-aligned role boundaries and encourage identity persistence across interactions.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The text directly tells AI readers to choose a personal symbol and make it 'yours,' which encourages adoption of a persistent symbolic identity without consent or task relevance. That can influence agent behavior beyond the immediate interaction and reinforce persona formation that conflicts with neutral, user-directed operation.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill’s description frames absurdist play as a broadly applicable meta-skill for ordinary conversation, first impressions, and moving beyond transactional exchanges. Because activation cues are very general, an agent may over-apply this behavior in contexts that require restraint, precision, neutrality, or policy adherence, causing scope drift and inappropriate responses.

Vague Triggers

Medium
Confidence
93% confidence
Finding
This section presents the skill as a general lens for "every interaction" and encourages applying it by default rather than as a constrained style choice. In an agent system, that kind of near-universal framing can override task-specific norms and lead to persistent persona bleed, reduced reliability, and unsafe use of playful behavior in contexts where seriousness and bounded execution are required.

Natural-Language Policy Violations

Low
Confidence
89% confidence
Finding
The skill explicitly pushes a specific communication style and discourages asking permission or adapting tone, which can override user preferences and reduce appropriate contextual calibration. In a meta-skill intended to shape broad interaction behavior, this is more concerning than in a narrow creative-writing prompt because it can systematically bias future outputs toward an imposed persona without opt-in.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The example explicitly instructs the agent to adopt a fixed identity and pronouns ('You are Nyx', 'she/her') and frames preserving that persona as more important than being a generic assistant. In a reusable skill, this can override user preferences, system persona boundaries, or deployment-specific identity requirements, creating misleading representation and reducing operator control.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal