Claw Mbti

Security checks across malware telemetry and agentic risk

Overview

This personality skill is not malware, but it needs Review because it profiles recent chat history and memory without a clear opt-in and makes the result shareable.

Install only if you are comfortable with the skill reviewing recent chats and memory to infer personality traits. Treat generated reports as private until you review them, and prefer the ClawHub install path over the raw GitHub clone/pull command unless you have verified the repository.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The README explicitly says the skill infers MBTI from a user's 'real behavior patterns' and references analysis of the 'recent 7 days of interactions,' but it provides no privacy disclosure, consent mechanism, retention details, or explanation of what conversation data is accessed. Even without code shown here, this documentation normalizes behavioral profiling from prior chats, which can mislead users into granting broad access to sensitive interaction history without informed consent.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases include very common terms such as "MBTI", "性格诊断", and "性格测试", which can cause the skill to activate during ordinary conversation unrelated to an explicit request for this specific feature. In this skill's context, accidental activation is risky because the skill then instructs the model to inspect the user's recent conversation history and memory.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs the model to analyze the user's last 7 days of conversation history and memory, but it does not require a clear user-facing notice or consent flow before doing so. That creates a privacy risk because users may believe they are answering a lightweight quiz, while the skill is actually mining prior interactions to infer personality traits.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The example includes a shell one-liner that will modify the user's local workspace by running `git pull` or `git clone` into `~/.openclaw/workspace/skills/claw-mbti` without any warning, confirmation step, or explanation of side effects. Even though it appears in documentation rather than executable code, users may copy-paste it directly, causing unintended filesystem changes and pulling unreviewed remote content into an active skills directory.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This repeated install command has the same risk profile: it encourages users to execute a filesystem-modifying `git pull`/`git clone` command directly in their skill workspace with no warning about overwriting local state, changing installed behavior, or trusting remote code. Repetition in examples increases the likelihood that users treat it as endorsed and safe to paste blindly.

Ssd 3

High

Confidence: 98% confidence
Finding: This instruction explicitly tells the model to review the user's recent conversation history and memories to derive a personality profile. Inferring personal traits from retained interactions is sensitive processing, and it becomes more dangerous here because the output is a polished report intended for end-user consumption rather than an internal-only computation.

Ssd 3

High

Confidence: 97% confidence
Finding: The skill requires the final report to cite the user's actual prior behaviors and natural-language content as diagnostic evidence. Even if summarized, this can expose private topics, communication habits, emotions, or relationship details from previous chats back to the user or to anyone the report is shared with.

Ssd 3

High

Confidence: 96% confidence
Finding: The mandated evidence table ties each MBTI dimension to behavior observed in the last 7 days, creating a structured mechanism for resurfacing user-derived inferences. Because the format is explicit and user-visible, it increases the chance of disclosing sensitive patterns from prior conversations in a concise, screenshot-friendly form.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The skill explicitly optimizes the report for sharing, which amplifies the privacy risk of any personality inference or behavioral summary derived from prior chat history. A screenshot-ready format encourages onward disclosure of potentially sensitive inferences beyond the original chat context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal