Back to skill

Security audit

Wisdom Claw

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Buddhist reflection skill with no code or data access, though it may proactively apply a challenging spiritual framing to personal concerns.

Install this only if you want the agent to offer Buddhist/Madhyamaka-style reflection in personal conversations. Do not treat it as therapy, crisis support, legal advice, or medical advice, and be cautious if you do not want anxiety, conflict, or dilemmas reframed through a spiritual lens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger description is broad enough to activate on general life challenges, dilemmas, or practice confusion, which can cause the skill to engage outside a clearly bounded Buddhist-discussion context. Because the skill is psychologically directive and framed as probing attachments, overbroad activation increases the chance of unsolicited influence or inappropriate use in sensitive situations.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The instruction to use the skill without waiting for the user to ask encourages unsolicited intervention based on inferred 'attachment' or emotionally charged words like 'must,' 'mine,' or 'right/wrong.' In a counseling-like context, this creates a real risk of the agent applying a confrontational philosophical frame to vulnerable users without consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section promotes unsolicited psychologically directive behavior ('Cut') without warning the user that the skill may challenge beliefs, attachments, or emotional framing. In context, the skill explicitly aims to push boundaries and target stuck points, so lack of consent and warning materially increases the risk of distress, manipulation, or misuse with users in fragile states.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.