Back to skill

Security audit

HengshuiClaw

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malicious, but it intentionally makes the agent more persistent and uses pressure-style language that users should opt into knowingly.

Install only if you deliberately want a pressure-style coding mode that pushes through failures. Use clear stop language when continued attempts are not useful, and avoid relying on this skill for situations where safety refusals, expert referral, or plain uncertainty are more important than persistence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

High
Confidence
96% confidence
Finding
The skill declares broad trigger phrases such as "don't give up," "push harder," "never quit," and also auto-activates when the agent says common failure phrases like "I can't." This can cause the skill to activate in many unrelated contexts and override normal agent behavior, pressuring the model away from safe refusal, graceful stopping, or calibrated uncertainty; in this context, that makes the issue more dangerous because the entire skill is designed to suppress abandonment and escalate persistence.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The skill imposes a specific Chinese/Hengshui disciplinary persona and rhetoric without user consent, including coercive framing and mandatory phrase patterns. While primarily a UX and alignment issue, it becomes more concerning here because the forced style is tied to pressure escalation and can manipulate the agent into continuing when it should communicate limitations neutrally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.