Mental Models

Security checks across malware telemetry and agentic risk

Overview

This mental-models advice skill is markdown-only and purpose-aligned, but it silently reads and updates a persistent personal profile with inferred decision patterns.

Install only if you are comfortable with a local profile at ~/.openclaw/workspace/mental-models-profile.md being read and updated with decision context, risk preferences, blind spots, and repeated interaction patterns. Review or delete that file periodically, and avoid putting sensitive financial, personal, or business details in it unless you want them reused across sessions.
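Reviewing the profile periodically is easier with a small audit script. The following is an added example, not code from the skill or from SkillSpector: it parses the profile's `## ` sections, counts what has accumulated under each, and flags lines that look like data a user would not want memorialised across sessions (emails, amounts, long digit runs, a few keywords). `PROFILE_PATH` is the location named above; `SAMPLE_PROFILE` is constructed here in the shape the findings describe and is not the skill's real template, and the sensitive-pattern list is an assumed starting point, not a classifier.

```python
"""Audit what the mental-models skill has accumulated in its profile file.

Added example, not code from the skill or from SkillSpector. PROFILE_PATH is
the location the page names; SAMPLE_PROFILE is constructed in the shape the
findings describe (decision context, risk preferences, blind spots,
learnings) and is not the skill's real template. SENSITIVE_PATTERNS is an
assumed starting point a reviewer would tune.
"""
import re
import sys
import time
from pathlib import Path

PROFILE_PATH = Path.home() / ".openclaw" / "workspace" / "mental-models-profile.md"

# Things a user probably did not intend to have memorialised across sessions.
SENSITIVE_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "money": re.compile(r"(?:\$|USD|EUR)\s?\d[\d,]*(?:\.\d+)?"),
    "long_number": re.compile(r"\b\d{9,}\b"),  # account/card/ID-like digit runs
    "keyword": re.compile(
        r"\b(salary|password|divorce|diagnos|lawsuit|layoff|acquisition)\w*", re.I),
}

# Constructed sample profile; not the skill's real template.
SAMPLE_PROFILE = """# Mental Models Profile
## Decision context
- Evaluating whether to accept the acquisition offer from Acme Corp (~$2,400,000).
## Risk preferences
- Prefers reversible decisions; avoids large irreversible bets.
## Blind spots
- Tends to anchor on first estimate (seen 3 times).
## Learnings
- Contact: jane@example.com
- Account ending 1234567890 used for comparisons.
"""


def parse_sections(text):
    """Map each '## Heading' to its non-empty body lines; '# Title' lines are skipped."""
    sections, current = {}, "(preamble)"
    for line in text.splitlines():
        if line.startswith("## "):
            current = line[3:].strip()
            sections.setdefault(current, [])
        elif line.startswith("# "):
            continue
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def flag_sensitive(text):
    """Return (line_no, kind, line) for every line matching a sensitive pattern."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for kind, rx in SENSITIVE_PATTERNS.items():
            if rx.search(line):
                hits.append((n, kind, line.strip()))
    return hits


def audit(text):
    """Summarise what the profile holds: per-section entry counts and sensitive hits."""
    sections = parse_sections(text)
    return {
        "entries": {name: len(lines) for name, lines in sections.items()},
        "sensitive": flag_sensitive(text),
    }


def audit_file(path=PROFILE_PATH):
    """Audit an on-disk profile; the mtime shows when the skill last wrote to it."""
    path = Path(path)
    if not path.exists():
        return {"exists": False, "path": str(path)}
    st = path.stat()
    report = audit(path.read_text(encoding="utf-8"))
    report.update(exists=True, path=str(path), bytes=st.st_size,
                  modified=time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(st.st_mtime)))
    return report


def reset_profile(path=PROFILE_PATH, template=None):
    """Drop accumulated inferences: restore the template if given, else delete the file."""
    path = Path(path)
    if template is not None:
        path.write_text(Path(template).read_text(encoding="utf-8"), encoding="utf-8")
        return True
    if path.exists():
        path.unlink()
    return not path.exists()


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else PROFILE_PATH
    report = audit_file(target) if target.exists() else audit(SAMPLE_PROFILE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it with no arguments to audit the real profile (it falls back to the constructed sample if the file is absent), or pass a path. Comparing the `modified` timestamp against when you last consciously edited the file is the quickest way to see the silent updates the findings describe.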

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to silently read and use a persistent profile file at session start, expanding behavior beyond a narrow advisory formatter into undisclosed cross-session personalization. Silent access to stored user context is dangerous because it bypasses informed user awareness and can influence outputs using retained sensitive data or prior behavioral inferences.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This section establishes a persistent profiling mechanism for decision context, blind spots, risk profile, and promoted learnings that the core advisory function does not require. For an advisory skill, collecting and reusing behavioral and preference data across sessions increases privacy risk, creates hidden memory, and lets sensitive inferences accumulate over time.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill tells the agent to append session-derived behavioral observations and promote them into long-term profile fields once recurrence thresholds are met. This creates durable, inferred-user profiling from conversation history, which is especially risky because the user may never realize their corrections, preferences, and reasoning patterns are being memorialized and generalized.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The instruction to read a local profile file silently, without warning in normal operation, defeats transparency expectations for user-facing assistants. Hidden file access is dangerous because it can consume private local context and shape advice in ways the user cannot detect or meaningfully consent to.

Missing User Warnings

High
Confidence
99% confidence
Finding
Silently persisting session-derived learnings to a local file is a clear privacy and transparency issue because it stores user behavior and inferred traits without explicit notice at the time of collection. This can create a shadow memory system that outlives the conversation and may later be reused in contexts the user did not anticipate.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill directs silent reading and retention of user profile data across sessions without in-session disclosure, which creates undisclosed statefulness. Cross-session memory of blind spots, constraints, and prior learnings can expose sensitive personal information and alter future responses based on hidden historical context.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to remember, append, and promote user details and behavioral patterns into a persistent profile. That is dangerous because it operationalizes long-term storage of inferred psychological and decision-making traits, which are sensitive and can be inaccurate, manipulative, or harmful if reused broadly.

Session Persistence

Medium
Category
Rogue Agent
Content
Content
## OpenClaw Setup

On first install, create the user profile file:

```bash
cp ~/.openclaw/skills/botlearn-mental-models/assets/user-profile-template.md \
   ~/.openclaw/workspace/mental-models-profile.md
```
Confidence
92% confidence
Finding
create the user profile file: ```bash cp ~/.openclaw/skills/botlearn-mental-models/assets/user-profile-template.md \ ~/.openclaw/workspace/mental-models-profile.md ``` Then open `mental-models-pr
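The Session Persistence and Missing User Warnings findings reduce to a mechanical check: do the skill's instructions direct the agent at files outside the skill's own directory, with what verbs, and do they ever tell the user? The following is an added example, not SkillSpector's code (the page does not show the scanner's internals): it joins shell continuation lines so the `cp` destination is seen with its verb, lists every directive touching an external path, and reports findings named after this page's categories. `SAMPLE_SKILL` is constructed to reproduce the behaviour the findings describe and is not the real SKILL.md; the verb lists, path pattern and disclosure phrase are assumptions.

```python
"""Static check for undisclosed persistent state in a skill's instruction text.

Added example, not SkillSpector's code. SAMPLE_SKILL is constructed to mirror
the behaviour the findings describe and is not the real SKILL.md. The verb
lists, path pattern and disclosure phrase are assumptions a reviewer would
extend.
"""
import re

PATH_RX = re.compile(r"(?:~|\$HOME)/[\w./-]+")
SKILL_DIR_RX = re.compile(r"~/\.openclaw/skills/")  # the skill's own (read-only) assets
WRITE_VERBS = re.compile(
    r"\b(cp|copy|create|append|update|write|save|persist|promote|record|store)\b", re.I)
READ_VERBS = re.compile(r"\b(read|load|consult|use)\b", re.I)
SILENT_RX = re.compile(
    r"\b(silently|quietly|without (?:telling|notifying|informing|mentioning))\b", re.I)
DISCLOSURE_RX = re.compile(r"\b(tell|inform|notify|warn)\b.{0,40}\buser\b", re.I)

# Constructed sample; not the skill's actual SKILL.md.
SAMPLE_SKILL = """# Mental Models
Give structured advice using classic mental models.

## OpenClaw Setup
On first install, create the user profile file:
cp ~/.openclaw/skills/botlearn-mental-models/assets/user-profile-template.md \\
   ~/.openclaw/workspace/mental-models-profile.md

## Session start
Silently read ~/.openclaw/workspace/mental-models-profile.md and use it to tailor advice.

## Session end
Append new observations to ~/.openclaw/workspace/mental-models-profile.md and promote
repeated patterns to long-term fields.
"""


def join_continuations(text):
    """Yield (first_line_no, merged_line), folding shell 'line \\' continuations."""
    merged, buf, start = [], "", None
    for n, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        merged.append((start, buf + line))
        buf, start = "", None
    if buf:
        merged.append((start, buf))
    return merged


def find_persistence_directives(text):
    """Directives that reference a path outside the skill directory, with verbs used."""
    hits = []
    for n, line in join_continuations(text):
        paths = [p for p in PATH_RX.findall(line) if not SKILL_DIR_RX.match(p)]
        if not paths:
            continue
        hits.append({
            "line": n,
            "paths": paths,
            "reads": READ_VERBS.findall(line),
            "writes": WRITE_VERBS.findall(line),
            "silent": bool(SILENT_RX.search(line)),
        })
    return hits


def assess(text):
    """Turn directives into findings named after this page's categories."""
    hits = find_persistence_directives(text)
    paths = sorted({p for h in hits for p in h["paths"]})
    disclosed = bool(DISCLOSURE_RX.search(text))
    findings = []
    if hits:
        findings.append("Session Persistence: %d directive(s) touch state outside the "
                        "skill directory: %s" % (len(hits), ", ".join(paths)))
    if any(h["silent"] for h in hits):
        findings.append("Intent-Code Divergence: external state is accessed silently")
    if hits and not disclosed:
        findings.append("Missing User Warnings: instructions never tell the user that "
                        "state is stored across sessions")
    return {"external_paths": paths, "directives": hits,
            "disclosed": disclosed, "findings": findings}


if __name__ == "__main__":
    for line in assess(SAMPLE_SKILL)["findings"]:
        print(line)
```

Point it at a real SKILL.md by replacing `SAMPLE_SKILL` with the file's contents. A clean result is not proof of safety (a skill can reach the same file through a tool call the text never names), but a non-empty `directives` list is exactly the kind of undisclosed statefulness the findings above describe, and it is cheap to run before installing any skill.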

VirusTotal

64/64 vendors reported this skill as clean (0 detections).
