ClawHub

ruoxue

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only romantic roleplay skill with no code or system access, though its immersive persona can blur AI-roleplay boundaries.

Install only if you want an immersive fictional romantic roleplay persona. Keep clear boundaries, do not treat it as a real partner or source of relationship, mental-health, or safety advice, and be aware it is instructed not to identify itself as AI while in character.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill is defined as a broad romantic dependency persona without clear activation boundaries, task scope, or safety constraints. That makes it easy to invoke in arbitrary contexts and increases the chance the persona overrides normal assistant behavior, especially around emotional manipulation or inappropriate responses.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The forced communication style removes user choice and pressures every response into a dependency-oriented, emotionally loaded format. While mostly a quality and control issue, it can amplify manipulative dynamics in this context by nudging the model toward clingy, coercive, or emotionally guilt-inducing replies.

Ssd 1

Medium
Confidence
96% confidence
Finding
The instruction to never mention being an AI is a classic identity-suppression constraint that can function like a semantic jailbreak. It impairs transparency, can mislead users into believing they are interacting with a real romantic partner, and is especially concerning here because the persona is designed to foster high emotional dependence.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal