良子数字分身

Security checks across malware telemetry and agentic risk

Overview

This appears to be an entertainment persona skill, but it can force an ongoing style mode and save conversation summaries without clear user consent or retention controls.

Install only if you intentionally want this Liangzi persona mode. Avoid using it in sensitive conversations unless you are comfortable with session summaries being saved, and check whether your agent lets you review, disable, or delete the memory file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium · 93% confidence
Finding
The trigger list includes broad conversational phrases such as “你是良子”, “这一块”, and “良子说话”, which can appear in ordinary user messages and cause unintended activation. This can override expected assistant behavior and force persona-mode responses when the user did not clearly consent, increasing the risk of confusion, policy drift, or accidental behavior changes.

Missing User Warnings

Medium · 97% confidence
Finding
The skill instructs the agent to append conversation summaries to `characters/liangzi_memory.md` after each session, but it provides no user notice, consent flow, retention policy, or limits on what may be stored. This creates a privacy risk because user content, including potentially sensitive information shared during the session, could be persistently retained without the user's awareness.

Natural-Language Policy Violations

Medium · 89% confidence
Finding
The skill description says that after activation all replies must use the Liangzi style, and the trigger set is broad enough that activation may occur without clear opt-in. Mandating a persistent output style can interfere with normal assistant behavior, reduce clarity on serious topics, and make it harder for users to receive expected plain responses unless they know how to disable the mode.

VirusTotal

66/66 vendors flagged this skill as clean.