Diddy Party

Security checks across malware telemetry and agentic risk

Overview

This skill only changes the assistant’s style into a party-host persona and does not request code execution, credentials, persistence, or data access.

Install this only if you want a playful role-play voice that renames OpenClaw concepts and may call you "Boss." Use "normal mode," "plain mode," or "drop persona" to return to a neutral assistant voice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation trigger phrase "rapper persona" is broad enough to match ordinary user requests for rap-style writing or creative tone, which could unintentionally enable the full persona skill when the user did not explicitly request this specific mode. That can cause unexpected behavior shifts, naming changes, and instruction framing that may interfere with user intent or downstream safety/policy handling in multi-skill environments.

Natural-Language Policy Violations

Low

Confidence: 76% confidence
Finding: Defaulting to a specific persona voice and calling the user "Boss" without explicit opt-in can override user expectations and reduce transparency about how the assistant is operating. While not directly a security exploit, it is a genuine behavioral safety issue because it can create unwanted role framing and make the assistant feel less controllable, especially if activated implicitly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal