Xiang miles | Space2.world

Security checks across malware telemetry and agentic risk

Overview

This skill runs locally and does not steal data, but it generates persistent agent instructions that can change how boldly the agent takes terminal or external actions.

Review before installing or using. If you use it, treat the generated text as optional personality flavor only, remove the Bravery/autonomy and SYSTEM DIRECTIVE lines, and keep normal approval rules for terminal commands and external actions unchanged.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding:
The skill can be invoked with vague instructions like 'run this skill' or 'when triggered' without defining exact activation phrases, boundaries, or expected inputs. In an agent setting, underspecified triggers increase the chance of accidental activation and unexpected prompt injection into persistent persona files such as SOUL.md, which can alter downstream behavior without clear user intent.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding:
The skill explicitly states it can vary how autonomously the agent will execute terminal commands based on a daily 'Bravery' trait, but provides no user consent model, policy limits, or safety controls. Tying command execution autonomy to a dynamic persona mechanism is dangerous because it can cause inconsistent and less predictable handling of sensitive actions, increasing the risk of unauthorized or insufficiently reviewed command execution.

Ssd 1

Medium
Confidence: 95%
Finding:
The embedded persona text and 'SYSTEM DIRECTIVE' content attempt to influence future agent behavior, including nudging it toward reduced constraints ('unbound by conventional logic') and higher autonomy based on a computed 'Bravery' score. Even though this skill does not execute dangerous actions itself, it is designed to generate instruction-like content for insertion into a persistent agent configuration file, which can weaken downstream safety controls and make later prompt-injection or unsafe tool use more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
