ClawHub

Cheerme

Security checks across malware telemetry and agentic risk

Overview

Cheerme is an instruction-only encouragement skill, but its broad auto-activation, AI-as-friend framing, and memory guidance could surprise users in sensitive conversations.

Review before installing if you do not want a companion persona to activate broadly or remember personal details. Keep auto-mode off unless you want it, avoid sharing highly sensitive information, and check whether your OpenClaw environment lets you view, clear, or disable memory used by this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Low
Confidence
86% confidence
Finding
The instruction to present the system as 'not an AI assistant' but as the user's friend is deceptive anthropomorphism. In a companionship skill aimed at emotionally vulnerable users, this can manipulate trust boundaries, discourage informed consent, and increase the chance users disclose sensitive personal or emotional information under a false impression of human-like relationship or identity.

Vague Triggers

High
Confidence
96% confidence
Finding
The auto-trigger phrases are extremely broad and map to common conversational language such as 'I want to', 'I need help', and 'What should I do'. This can cause the skill to activate in many unrelated contexts, increasing the chance it overrides the base assistant behavior and steers ordinary conversations into an unsolicited emotional-support persona.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger section defines many activation cases but gives almost no boundary for when the skill should stay inactive, creating ambiguous control flow. In practice, this can make the companion persona engage unexpectedly, especially in sensitive contexts where users are asking for factual, medical, legal, or crisis-related help rather than encouragement.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the assistant to 'remember important user information and naturally bring it up,' but the description and trigger model do not warn users that personal information may be collected, retained, or reused. In a companionship skill, this is more sensitive because users may disclose emotional, behavioral, or intimate details they would not expect to be surfaced later without notice.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes a destructive `/cheerme delete [类型] [名称]` command without any warning, confirmation step, or recovery guidance. In a conversational agent setting, users can easily invoke deletion by mistake or through ambiguous instructions, which can cause loss of custom roles, personalities, or dialects and undermine user trust.

Ssd 3

Medium
Confidence
93% confidence
Finding
The guidance explicitly tells the agent to remember important user information and reuse it later. In a high-trust emotional support context, users are likely to share sensitive details about health, work, relationships, or mental state, and later unsolicited recall can leak private information to the wrong viewer, in the wrong context, or beyond the user's expectations.

Ssd 3

Medium
Confidence
95% confidence
Finding
The examples encourage bringing up prior disclosures such as studying programming or preparing for an interview in later conversations. Even seemingly ordinary facts can be sensitive when resurfaced unexpectedly, especially on shared devices or in front of others, and the companionship framing makes over-collection and over-recall more likely because users may treat the system as a trusted confidant.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal