agent-persona-analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a low-impact persona/self-introduction helper, but it may save a local persona file and trigger more often than users expect.

Install this only if you want a playful, persistent agent persona. Expect it to create or reuse agent-persona-name.json in the workspace root, and consider narrowing the triggers if ordinary requests like analysis, testing, or capability questions should not produce a persona introduction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
87% confidence
Finding
The skill claims to be a conversational self-introduction/persona feature, but it instructs the agent to read and write a persistent file in the workspace root. Hidden persistence is risky because it introduces stateful storage and retrieval behavior outside user expectations, which can create privacy, integrity, and cross-session contamination issues if the workspace is shared or later consumed by other tools.

Vague Triggers

High
89% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation such as asking what the agent can do or requesting analysis/testing, which can cause unintended activation. In this skill, accidental activation is more dangerous because activation leads to persistent file reads/writes and persona fabrication, so normal conversation could unexpectedly modify workspace state or alter future behavior.

Vague Triggers

Medium
84% confidence
Finding
Allowing the skill to trigger when the agent itself mentions its own traits creates a self-triggering or recursive activation condition. That can cause the agent to enter unintended loops, repeatedly rewrite persona state, or drift into persistent fabricated identity behavior without a clear user request.

VirusTotal

64/64 vendors flagged this skill as clean.