moe-persona-theater

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local persona-switching skill; it mainly changes response style and saves the selected persona locally.

Install this if you want selectable anime-style response voices. Before installing, be aware that it may answer in Chinese persona styles and will store the currently selected voice in ~/.openclaw/voice-hub.json until cleared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 91% confidence
Finding
The trigger phrases are generic conversational commands such as '切换到', '切到', and '恢复默认' without clear namespace or routing constraints. In a chat environment, these broad triggers can cause accidental or adversarial activation of the skill, leading to unintended persona switching, response-style manipulation, and reduced reliability of the agent’s behavior across unrelated tasks.

Natural-Language Policy Violations

Medium, 92% confidence
Finding
The file is entirely written in Chinese and defines persona behavior in that language, which can steer the agent into responding in Chinese by default without checking the user's language preference. In a persona skill, this is more likely to affect all downstream interactions because the role instructions are global and persistent across turns, making unintended locale forcing more likely than in a purely informational document.

VirusTotal

66/66 vendors flagged this skill as clean.
