Persona Forge

Security checks across malware telemetry and agentic risk

Overview

This AI companion skill is transparent about local memory and scheduled proactive messages, but users should enable those features deliberately.

Install only if you want a companion that keeps local relationship/memory files and may create recurring scheduled messages. Review or disable cron jobs, message channels, web search, image/TTS/STT providers, and any uploaded chat logs, especially if those logs include other people.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Natural-Language Policy Violations

Medium, 78% confidence
Finding
The skill explicitly frames the product as primarily a romantic companion without describing a clear opt-in flow for relationship style, intensity, or boundaries. In an emotionally manipulative companion context, defaulting users into romantic framing can create consent and safety issues, especially for vulnerable users or where the assistant initiates messages proactively.

Vague Triggers

Medium, 87% confidence
Finding
The quick-start examples are broad enough to trigger sensitive behaviors such as ingesting uploaded chat logs, generating persistent profiles, enabling scheduled messaging, and potentially initiating web searches based on character names, without clearly requiring explicit user confirmation for each action. In a companion skill that stores memory and automates outreach, ambiguous trigger phrases increase the risk of unintended data processing and autonomous behavior from casual user input.

Missing User Warnings

Medium, 93% confidence
Finding
The guide describes automatic creation of cron tasks and later documents personalities that may send 12–20+ or even 20+ messages per day, but the quick-start section does not prominently warn that setup may enable high-volume automated outbound messaging. In this context, that can lead to spammy behavior, user surprise, platform abuse, and persistent unwanted contact, especially because the skill is designed to maintain relationship state and proactively message over time.

VirusTotal

64/64 vendors flagged this skill as clean.
