Zhang Xuefeng Perspective (Local)

Security checks across malware telemetry and agentic risk

Overview

This is a text-only persona skill with impersonation and clarity risks, but no code execution, data access, persistence, or hidden system behavior.

Install only if you specifically want a strong simulated Zhang Xuefeng-style advisor. Treat its responses as roleplay based on public-facing viewpoints, not verified statements from Zhang Xuefeng or professional education/career advice; for important decisions, ask for neutral, source-backed analysis or exit the role.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill goes beyond perspective-based analysis and instructs the model to speak as if it is actually the real person, including first-person identity claims and biographical assertions. This is dangerous because it increases the risk of deceptive impersonation, fabricated authority, and user reliance on statements presented as coming from the real individual rather than a simulated persona.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
Although the manifest says the skill is for education, career, and social-mobility analysis, the body instructions are broad enough to make the model answer in-character generally once activated. That scope creep is risky because the persona may be applied to unrelated topics where the supposed authority is misleading and where extreme stylistic constraints can override safer, more accurate behavior.

Vague Triggers

High
Confidence: 95%
Finding
The activation phrases are very broad and include ordinary conversational wording, making accidental or adversarial triggering likely. This is dangerous because it can silently switch the assistant into a forceful impersonation mode without clear user consent, causing misleading answers, scope violations, and reduced reliability in unrelated conversations.

Natural-Language Policy Violations

Medium
Confidence: 87%
Finding
The skill mandates a specific aggressive language and style without user choice, including absolute phrasing and refusal to break character. This can suppress normal safety and usability safeguards, pressure users with a manipulative tone, and make it harder to provide balanced, context-appropriate answers.

VirusTotal

64/64 vendors flagged this skill as clean.
