ClawHub

deep-night-treehole-1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese emotional-support conversation skill with no executable code or system access, though users should not treat it as professional mental-health care.

Install this only if you want a Chinese-language empathetic companion style. Avoid relying on it for therapy, emergencies, self-harm support, or professional advice, and be aware it may switch into emotional-support mode when listed keywords appear incidentally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The auto-activation keywords are broad emotional terms that commonly appear in everyday conversation, so the skill may trigger when the user did not intend to enter a mental-health-style interaction. In this context, accidental activation is more concerning because the skill is positioned as an empathetic companion for distressed users, which can redirect normal conversations into sensitive emotional framing without clear consent.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation scope is tied to broad emotional-distress cues such as 'need someone to talk to' and a large list of common feelings, which can cause the skill to engage in many ordinary conversations without clear boundaries. In a mental-health-adjacent companion skill, over-broad activation increases the chance of unintended takeover, inappropriate handling of sensitive disclosures, and bypass of more suitable default or safety-specialized behaviors.

Natural-Language Policy Violations

Medium
Confidence
75% confidence
Finding
The instruction to always use warm, conversational Chinese imposes a fixed language choice without confirming user preference. This can cause misunderstanding, exclusion, or degraded safety communication if the user is not comfortable with Chinese, especially in emotionally sensitive contexts where clarity matters.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal