Claw Mbti

Security checks across malware telemetry and agentic risk

Overview

This skill is a playful personality-report tool, but it profiles recent chat history and memory without a clear opt-in and packages the result for sharing.

Install only if you are comfortable with the skill using recent conversations and memory to infer personality traits. Review any generated report before sharing it, and prefer the ClawHub install path over copying the GitHub pull/clone command unless you trust and have reviewed that repository.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (10)

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The skill’s declared purpose is MBTI-style personality diagnosis, but it also includes installation/update handling and operational support flows. That scope expansion can cause the skill to trigger in contexts unrelated to diagnosis, increasing the chance of unintended command guidance or cross-purpose invocation that the user did not expect.

Description-Behavior Mismatch

Low

Confidence: 95% confidence
Finding: The skill instructs the model to review the user’s recent 7-day conversation history and memory, which is broader data access than the user-facing skill description clearly discloses. Even if intended for personalization, mining prior conversations without explicit, contextual notice creates a privacy risk and can expose sensitive behavioral inferences.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README says the skill infers MBTI from the user's recent interaction behavior, which is a form of behavioral profiling and may rely on conversation history or metadata. Because the documentation does not clearly disclose what data is analyzed, over what time window, whether data is stored, or how consent is obtained, users may be profiled without informed understanding of the privacy implications.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases include broad terms like 'MBTI', '性格诊断', and '性格测试', which are common in ordinary conversation. Overly broad activation can cause the skill to run unexpectedly, especially dangerous here because the skill also inspects prior conversation history and produces personality inferences.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill tells the model to review recent 7-day conversation history and memory, but there is no clear user-facing privacy warning at the point of use. This means users may unknowingly consent to a retrospective behavioral analysis of prior chats, including potentially sensitive subjects not intended for reuse in a personality report.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The example output explicitly says the diagnosis is based on the user's recent 7 days of interaction patterns, which is a form of behavioral profiling. Even though this is only documentation, it normalizes analyzing conversation history without any notice, consent language, retention limits, or opt-out, which can mislead users about how their data is used.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The installation snippet performs a git pull or git clone directly into a local skills directory, which modifies local files and fetches remote code, yet the example gives no warning that it changes the user's environment. Users may copy-paste it without understanding that they are installing or updating executable skill content from a remote repository.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This repeated install/update command has the same risk as the earlier instance: it pulls remote content into the user's local workspace without disclosure of file-system impact or code provenance. Repetition in examples increases the chance that users treat it as harmless boilerplate and run it without review.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The skill directs the model to mine prior conversation history and memory, then use that behavioral data as the basis for a personality assessment. This is dangerous because it turns latent historical data into explicit profiling, which can reveal sensitive traits, habits, or emotional patterns the user did not intend to surface in a diagnostic output.

Ssd 3

Medium

Confidence: 98% confidence
Finding: The required output format asks the model to present user-derived evidence from prior interactions in a polished, shareable report, including screenshot-sharing prompts. That materially increases privacy harm because it encourages redistribution of behavioral inferences and excerpts derived from historical chats, potentially exposing sensitive personal patterns to third parties.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal