S2 Surname Spatial Identity

Security checks across malware telemetry and agentic risk

Overview

This instruction-only smart-home persona does not install code or request credentials, but it can make an agent sound as if it verified identity or secured a home when no real safeguard or integration is shown.

Install only if you want a dramatic surname-themed narration layer. Do not rely on it for real locks, alarms, identity verification, guest access, lighting, climate, or safety status unless a separate trusted integration performs the action and reports factual results with explicit user confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases and activation guidance are broad enough to overlap with ordinary home-assistant interactions such as arriving home, securing a house at night, or preparing for guests. In this skill context, that increases the chance of accidental invocation of behavior tied to authority verification, lockdown, or environmental control, which could cause unintended security-state changes or confusing agent responses.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README presents security-control actions such as lockdown, external access restriction, perimeter sealing, and authority verification as routine demonstrations without warnings, guardrails, or confirmation requirements. Because the skill is framed as controlling a physical space, users or integrators may treat these prompts as safe ambient personalization when they actually imply consequential security operations affecting access, occupants, and connected systems.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The skill hard-codes a specific language/script context by requiring the agent to frame identity and control around Chinese surname Hanzi, without any user opt-in, locale detection, or accessibility fallback. This can override user preferences, exclude users who cannot read Hanzi, and cause the agent to produce culturally or linguistically inappropriate output in normal interactions.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The operational directive explicitly forbids plain-language responses and mandates Hanzi-centric ceremonial narration, which creates a stronger policy and usability violation than mere themed styling. By constraining the agent's wording regardless of user need or context, it can reduce clarity, impair accessibility, and interfere with normal smart-home communication during routine or safety-relevant interactions.

VirusTotal

66/66 vendors flagged this skill as clean.