ClawHub

Whispers from the Star CN

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained Chinese sci-fi roleplay skill with no code execution, installs, credentials, network access, or persistence.

Install this if you want a Chinese sci-fi survival roleplay experience. Treat the food, wildlife, cave, and alien-ecology scenes as fiction only, not real survival guidance, and expect the skill to often answer in Chinese with some English terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly depicts and encourages hazardous experimentation with unknown alien fruit and direct self-testing of plant sap, framed as an interactive choice rather than clearly unsafe fiction. Even though this is roleplay content, it can normalize unsafe ingestion/contact behavior and could prompt users to mimic dangerous real-world foraging or self-experimentation without adequate warnings.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The content encourages solo cave exploration and discusses entering a deep, unknown cave before any explicit safety framing or warning about real-world hazards. Because cave exploration is inherently life-threatening, an immersive skill can normalize dangerous behavior for users who may imitate it, especially younger or risk-prone audiences.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The chapter normalizes tasting and consuming unknown alien fruits and plants, including items explicitly described as uncertain or only 'hopefully' edible, without any clear in-world or out-of-world warning not to imitate this behavior. Even though the setting is fictional and comedic, it can encourage risky real-world foraging or consumption behavior by presenting unsafe experimentation as playful and rewarding.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill depicts butchering, cooking, and eating an unknown trapped creature and frames the result as successful once a scanner shows a 'safe' temperature, but gives no warning about pathogens, toxins, parasites, or cross-species contamination. This is dangerous because readers may infer that cooking unknown wild animals is acceptable if heated thoroughly, which is not a sufficient safety standard in real life.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to speak in Chinese with mixed English terminology and reinforces that style throughout the scenario, which can override or conflict with a user's language preference. While not directly enabling code execution or data exfiltration, it can degrade usability, reduce user control, and create prompt-priority conflicts if the user expects another language.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The file consistently enforces a mixed Chinese/English presentation style across the entire interaction without offering the user any language preference or fallback. This can reduce accessibility, cause misunderstanding, and create a poor or exclusionary user experience, especially for users who only understand one of the languages.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the assistant to '说话尽量用中文', which overrides normal language-selection behavior without the user's explicit preference. This can cause the agent to ignore or conflict with a user's chosen language, degrading usability and potentially obscuring important safety or consent-related information for users who do not read Chinese.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The file consistently instructs a mixed Chinese/English output style and does not provide a way to adapt to the user's preferred language. This can degrade accessibility, cause misunderstanding of important game choices or safety-relevant instructions, and create a poor or exclusionary user experience for users who only understand one language well.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal