ClawHub

liuyao-divination

Security checks across malware telemetry and agentic risk

Overview

This is a coherent divination report skill that runs local charting/report scripts and saves local report files, with no evidence of exfiltration, destructive behavior, or hidden credential access.

Install only if you are comfortable with the skill saving your question and analysis as local files, usually under ~/Desktop, and possibly installing sxtwl if you choose that option. Choose the pure-Python fallback to avoid a package install, and delete the generated report directory if the question is private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to install `sxtwl` into the host environment via `pip install sxtwl`. Modifying the host runtime is unnecessary for a divination skill's core function and creates supply-chain, persistence, and environment-integrity risks, especially because the package source and version are not pinned or sandboxed.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill mandates creating directories and writing multiple markdown files to `~/Desktop`, causing persistent modification of the user's filesystem. This exceeds what is needed for conversational divination and can expose private data, clutter the host, and normalize unsafe write behavior without clear necessity or consent.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill directs execution of local Python commands for environment probing and later script execution, expanding the skill from content generation into host command execution. Even if the commands appear limited, this materially increases attack surface and can be abused when combined with other instructions or modified local scripts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to create Desktop files without any up-front warning that it will modify the filesystem. This deprives the user of meaningful consent and increases the chance of unexpected persistence of sensitive or personal divination content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs local command execution and package installation without a prominent safety warning or explicit approval workflow. Users may not realize the skill can alter the environment, install software, or invoke local interpreters, which is a significant trust and safety gap.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill persists artifacts under a Desktop directory derived from the user's question and metadata, but gives no privacy or retention warning. Because divination questions may contain intimate personal topics, local persistence can expose sensitive information to other users or backups on the machine.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill saves structured JSON and HTML reports derived from user content, again without explicit consent or privacy disclosure. Structured exports increase the sensitivity of the stored data because they are easy to search, copy, and reuse outside the original interaction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal