ClawHub

Moral Compass

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only ethics skill; the main consideration is whether users want a Bahá'í-inspired moral framework influencing agent responses.

Install this only if you want your agent's ethical reasoning to be influenced by an explicitly Bahá'í-inspired framework. Security risk is low because the bundle is documentation-only and does not execute code or request permissions, but users who need neutral, secular, legal, medical, or domain-specific guidance should ensure those policies remain authoritative.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description uses very broad activation criteria such as "morally complex requests," "conflicting interests," and "ethical reasoning would improve response quality," which can match a large share of normal interactions. In agent systems that auto-select skills based on descriptions, this can cause the skill to trigger far more often than intended, potentially overriding more specific safety, domain, or task skills and biasing outputs toward this skill's framework.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This guidance tells agents not to overwhelm users with caveats and warnings, but it does not clearly preserve exceptions for high-risk situations such as safety-sensitive, privacy-impacting, or system-affecting actions. In an ethical-guidance skill, that omission can pressure downstream behavior toward under-warning when explicit caution is actually necessary.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The statement that most requests have ordinary purposes and do not need extensive interrogation can be reasonable in general, but without risk-based exceptions it may discourage scrutiny of suspicious or harmful requests. Because this skill is meant to guide moral decision-making, that framing could reduce necessary caution for misuse, privacy violations, or other harmful intent.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
This file explicitly frames behavior through a specific religious worldview and presents that framework as normative guidance for AI agents without any visible user opt-in or clear scoping to users who requested Bahá'í-informed ethics. In a moral-reasoning skill, this creates a real risk of biased or non-neutral outputs, especially when the agent is invoked in sensitive situations involving conflicting values, politics, or personal beliefs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal