ClawHub

Claw Mbti

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a playful MBTI-style report generator, but it can inspect recent chat history and memory without a clear opt-in step.

Review before installing if you are not comfortable with a skill analyzing recent conversation history and memory for personality inferences. Prefer the ClawHub install command over the raw GitHub clone/pull command, and inspect any generated report before sharing a screenshot.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest presents the skill as an MBTI diagnosis tool, but the body also implements installation/update support and versioned operational responses. This creates a scope mismatch that can mislead users and reviewers about what the skill does, reducing informed consent and increasing the chance of unexpected behavior when broadly triggered.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to inspect the user's last 7 days of conversation history and memory for personality profiling, but this capability is not clearly disclosed in the manifest purpose statement. Hidden profiling of prior conversations is privacy-sensitive because users may trigger a casual 'MBTI' interaction without realizing historical data and memory will be mined.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README states the skill bases its diagnosis on the user's recent 7 days of "real interaction behavior," which implies behavioral profiling from prior conversations. There is no accompanying disclosure about what data is accessed, how long it is retained, whether analysis is local, or how consent is obtained, creating a real privacy and transparency risk even if the feature is only descriptive marketing text.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger terms include common phrases such as 'MBTI', '性格诊断', and '你是什么性格', which are broad enough to match ordinary conversation. Because activation can lead to retrospective analysis of 7 days of history, overly broad triggers increase the likelihood of accidental invocation of a privacy-impacting workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes reviewing recent conversation history and memory for analysis without a clear user warning at the point of use. This is dangerous because the output is a shareable personality report, so private historical content may influence visible conclusions without informed consent.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The example output embeds a shell command that performs git pull/clone and writes into the local skills directory without warning the user that it will execute commands and modify the filesystem. Users may copy-paste it directly from the skill output, creating a social-engineering path to unintended code retrieval and local changes.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
This repeated install command has the same problem: it encourages direct shell execution and local filesystem modification with no user-facing warning. Repetition increases the chance that users treat it as a normal part of the skill interaction and execute it without understanding the consequences.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs reuse of the user's last 7 days of conversation history and memory to produce a report intended for sharing. Even though it asks to avoid quoting certain content types, it still performs behavioral profiling from prior interactions, which can expose sensitive personal patterns or inferences in a user-visible artifact.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal