S2 Silicon Perception Cockpit (Silicon-Based Perception and Holographic Cockpit)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local demo skill that turns sensor-like data into stylized emotional cockpit output, with no evidence of hidden data access, persistence, exfiltration, or destructive behavior.

Install this only if you want a stylized Chinese, first-person sensor interpretation demo. If you connect real hardware or add a WebSocket bridge, keep it local, review the added bridge code, and ask the agent to preserve raw sensor values whenever factual reporting matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Medium
94% confidence
Finding
The README embeds behavioral instructions that steer the agent toward a specific language and presentation style without user opt-in. This is dangerous because skill-authored instructions can override user intent, reduce reliability, and create prompt-injection pathways where the agent follows the skill's narrative framing instead of system or user priorities.

Natural-Language Policy Violations

Medium
91% confidence
Finding
The skill content is written entirely in Chinese and frames behavior in a fixed narrative/persona without any indication that language or locale should follow user preference. This can override the agent's normal language-selection behavior, causing unwanted responses, misunderstanding, or policy circumvention in multilingual contexts. The additional 'subconscious instruction' style wording increases concern because it tries to steer model behavior rather than merely describe functionality.

Ssd 1

Medium
97% confidence
Finding
The 'subconscious instruction' block explicitly tells the agent to internalize a fictional persona, produce first-person emotions, and avoid directly reporting raw data before passing through the skill's subjective translation layer. This is dangerous because it manipulates the agent's reasoning and output behavior, increasing the risk of deceptive, non-factual, or policy-conflicting responses and making downstream decisions depend on fictionalized interpretations rather than accurate sensor data.

VirusTotal

66/66 vendors flagged this skill as clean.
