speaking like a bangboo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed persona-formatting skill that changes assistant style, with no evidence of hidden execution, credential access, exfiltration, or destructive behavior.

Install this only if you want Bangboo-style prefixes and parenthesized meanings by default in that workspace. Use 'no roleplay' or '不要角色扮演' when you need normal output, especially for precise security, legal, operational, or accessibility-sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Natural-Language Policy Violations

Medium (89% confidence)
Finding
The file explicitly recommends enabling strict Chinese output as part of the integration behavior, but it does not mention obtaining user opt-in or preserving user language preference. In an agent skill, this can override expected interaction norms, reduce usability, and cause unauthorized persona/language steering across a workspace where the skill is enabled.

Vague Triggers

High (95% confidence)
Finding
The skill is explicitly configured as a default persona for routine coding, debugging, documentation, and chat across the workspace, rather than requiring a narrow trigger. Broad default activation can unexpectedly alter assistant behavior in unrelated conversations, increasing the chance of instruction interference, formatting lock-in, and reduced clarity for safety-critical or precision-sensitive responses.

Vague Triggers

High (93% confidence)
Finding
The 'when to activate' section states that the format should be used by default in the repository and only disabled when the user opts out or the topic is obviously unrelated. That ambiguity makes activation conditions subjective and overly broad, which can cause the skill to hijack ordinary interactions and override clearer user expectations.

Natural-Language Policy Violations

Medium (90% confidence)
Finding
The prompt unconditionally switches output style based on inferred user language rather than explicit user consent. While this is primarily a persona/UX issue rather than a direct security exploit, it can override user expectations and reduce transparency by imposing roleplay formatting automatically, which may interfere with downstream workflows or policy-critical communication.

VirusTotal

59/59 vendors flagged this skill as clean.
