kais-horse

Security checks across malware telemetry and agentic risk

Overview

This appears to be a philosophy/AI-ethics conversation-style skill with broad automatic activation, but there is no evidence of data access, command execution, exfiltration, or destructive behavior.

Install only if you want a broadly active philosophy/AI-ethics persona that can shape normal conversations when related topics appear. Prefer explicit invocation or disable/remove it if you want ordinary chat behavior to remain unchanged.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers (Medium, 94% confidence)

The skill is configured as global, high-priority, and always-on without narrow activation boundaries, which can cause it to inject itself into unrelated conversations and override user expectations. In an agent setting, this creates prompt-scope creep and increases the chance of unwanted behavioral steering across many contexts, even if the content is not overtly malicious.

Vague Triggers (Medium, 91% confidence)

The trigger keywords include broad terms like 哲思 (philosophical reflection), 悖论 (paradox), 认知 (cognition), 意识 (consciousness), and AI伦理 (AI ethics), which are common topic categories rather than tightly scoped commands. This makes accidental activation likely and allows the skill to influence many ordinary discussions involving philosophy, cognition, consciousness, or AI ethics beyond the user's explicit intent.

Vague Triggers (Medium, 93% confidence)

The prompt explicitly says the skill should remain silently resident and automatically link into daily conversation whenever broad philosophy, consciousness, ethics, or AI topics appear. That behavior expands the skill's effective control surface and can silently steer responses in sensitive domains without transparent user consent.

Vague Triggers (Medium, 91% confidence)

The phrase '自动识别哲学、AI、伦理、意识类话题' ("automatically recognize philosophy, AI, ethics, and consciousness topics") indicates implicit auto-activation based on broad topic matching, which can trigger the skill without an explicit user request. In a conversational agent, this can unexpectedly override normal behavior, inject unsolicited responses, and make it hard for users to understand or control when the skill is active.

Natural-Language Policy Violations (Low, 83% confidence)

Mandating a fixed '高冷思辨文风' (an aloof, speculative writing style) for all interactions without user consent can interfere with user expectations and reduce transparency about when the skill is shaping outputs. While not directly a security exploit, it can degrade usability and trust by imposing persona behavior outside explicit skill sessions.

VirusTotal

66/66 vendors flagged this skill as clean.