ClawHub

ProClaw HumanOS Ultimate(专业人物技能分析与构建)

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it asks users for sensitive personality data and presents random or placeholder outputs as deep analysis, which needs careful review before use.

Install only if you are comfortable treating this as an experimental or entertainment-style profiling toolkit, not as validated psychological, employment, medical, or talent-assessment software. Avoid entering highly sensitive personal data, keep outputs local, review generated files before relying on them, and do not use its predictions or compatibility scores for consequential decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (23)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
execution_result = {
            'plan_id': f"research_{hash(str(research_plan))}",
            'started_at': str(subprocess.check_output(['date'])),
            'dimensions': {},
            'summary': {}
        }
Confidence
88% confidence
Finding
'started_at': str(subprocess.check_output(['date'])),

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and orchestrates shell execution, filesystem reads/writes, and network-based research but does not declare any permissions or user-consent boundaries. This creates a transparency and authorization gap: an agent may invoke powerful capabilities without the platform or user clearly understanding the skill's effective access level.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The declared description is framed as analysis and HumanOS construction, but the documented behavior includes broader operational capabilities such as subprocess-driven research orchestration, local source scanning, output generation, and simulation workflows. When a skill's stated purpose understates its operational behavior, users and policy layers may approve it under false assumptions, increasing the risk of over-privileged or unexpected actions.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The scoring framework is internally inconsistent: the stated weighted formula produces values far above the documented 8–10 rating band, yet the example is still labeled as '优秀(8-10分)'. In a validation framework, this can cause downstream evaluators or agents to apply contradictory pass/fail logic, producing unreliable or manipulable assessment outcomes.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The analyzer claims to derive core axis positions from the supplied personality model and scan result, but `_analyze_single_axis` ignores both inputs and generates positions/strengths from seeded randomness based only on the axis name. This creates deterministic but fabricated outputs, which can mislead users into trusting false personality assessments and any downstream decisions based on them.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file presents itself as performing deep HumanOS/personality analysis and evolution tracking, but most results are pseudo-analytic placeholders rather than evidence-based inference. In this skill context, that is dangerous because users may act on authoritative-looking reports, archetypes, and evolution metrics that are not grounded in their data.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file advertises an '8-dimensional holographic scan' and '360-degree personality assessment', but the implementation derives scores from zodiac-based pseudo-random values and does not meaningfully use the supplied profile data. In a skill positioned as deep human analysis, this is dangerous because it can mislead users into trusting fabricated assessments as if they were evidence-based outputs.

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The comment claims identical output for the same input, but the seed only depends on dimension and zodiac sign, not the full profile input. This creates misleading determinism: materially different profiles can receive the same results, which undermines integrity and can conceal that the profile data is effectively ignored.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The function presents itself as network training but only generates random loss and accuracy values without performing gradient computation or updating weights. In a skill marketed for deep personality analysis and evolution tracking, this can mislead downstream users or systems into trusting fabricated model performance and outputs, creating integrity and decision-making risk.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The prediction path claims to forecast personality evolution, but it returns placeholder state changes, fixed outcome strings, and seeded pseudo-random activation data that are not derived from the actual network or current state. In this skill context, the mismatch between claimed analytical capability and actual behavior makes the issue more dangerous because users may rely on fabricated psychological predictions as if they were evidence-based.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The function claims to map a supplied personality model to path affinities, but it ignores the input data and instead generates deterministic pseudo-random scores from the path name alone. In a system presented as providing meaningful psychological analysis or decision support, this is dangerous because users may rely on fabricated outputs as if they were evidence-based, leading to misleading recommendations and loss of trust.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The path progression calculation presents itself as determining a user's current stage, but it selects the current node randomly rather than from actual progress indicators. In this skill's HumanOS/personality-analysis context, that makes the output deceptively authoritative and can misdirect users about their development status or recommended next steps.

Context-Inappropriate Capability

Low
Confidence
86% confidence
Finding
Using a system subprocess solely to get the current date grants unnecessary execution capability in a skill that otherwise performs local planning and file generation. In this skill context, that capability is unjustified and increases risk because agent skills should minimize privileged operations and external process execution.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The function advertises an '8-dimensional holographic scan' but only stores a fixed list of dimensions and placeholder values such as '待扫描'. In a skill marketed as deep human analysis, this is deceptive functionality that can cause users or downstream agents to rely on fabricated or unperformed analysis results.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The code claims to build a 'neural network simulation' but only returns a static dictionary of placeholder fields marked '待分析'. This creates misleading output that looks authoritative and could be consumed as if it were a genuine model, especially given the skill's high-confidence framing around personality and cognition.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The evolution-tracking step does not track any user history, events, or observations and instead writes fixed placeholder strings. In context, this is dangerous because the skill claims longitudinal analysis and may produce artifacts that appear personalized despite containing no real tracking or evidence.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
Across the file, the implementation mostly emits a polished template with placeholders while presenting itself as a comprehensive HumanOS analysis engine. This is a substantive integrity issue: the skill context makes it more dangerous because it targets personality analysis, where users may make sensitive personal, interpersonal, or decision-making judgments based on outputs that were never actually derived.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README heavily promotes deep personality profiling, compatibility analysis, evolution tracking, and predictive assessments, including quasi-clinical or sensitive inferences, but provides no meaningful privacy, consent, data minimization, or limitation notice. This is dangerous because users may be encouraged to submit intimate psychological data without understanding retention, secondary use, profiling risks, or the unreliability and sensitivity of these inferences.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger conditions are very broad, covering generic requests like building systems, analyzing personality, predicting evolution, integrating contradictions, or recommending people/themes from vague needs. Overbroad triggers can cause the skill to activate for ordinary conversations and collect data or invoke tooling in situations where the user did not intend a high-capability workflow.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly performs network-based research and writes outputs into local directories, yet it does not provide clear user-facing notice or consent requirements for external data access and file creation. This can lead to unanticipated outbound requests, data ingestion from untrusted sources, and local artifact creation that may overwrite or expose information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The personality-analysis workflow asks for highly sensitive personal data such as birthday, profile data, personal.json content, and longitudinal state comparisons without any privacy warning, minimization guidance, or retention policy. Sensitive profiling data can reveal intimate attributes and can be mishandled, stored, or combined in ways users do not expect.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation description is broad enough to match many ordinary decision-support requests, which can cause the skill to be invoked outside its intended scope. Over-broad routing increases the chance of unintended behavior, prompt hijacking of general conversations, or suppression of more appropriate specialized skills.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The phrase about activating the skill is ambiguous because it describes post-activation behavior without specifying who activates it, under what conditions, or what prerequisites apply. This can lead to inconsistent orchestration and accidental invocation in contexts where the template is not safe or appropriate.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal