ClawHub

Claw Mbti

Security checks across malware telemetry and agentic risk

Overview

This is a playful MBTI-style skill, but it should be reviewed because it profiles the user from recent conversation history and memory without a clear opt-in flow.

Install only if you are comfortable with the agent using recent chat history and memory to infer personality traits. Prefer invoking it explicitly, avoid sharing reports that include private interaction details, and use vetted ClawHub installation over copy-pasting remote git commands unless you have reviewed the repository.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill expands beyond MBTI diagnosis into installation and update command handling, which is unrelated to its declared purpose. This increases the attack surface, may cause the skill to trigger in operational contexts, and can lead users to run shell commands copied from the response, creating command-execution and social-engineering risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README says the skill infers MBTI from the user's 'real behavior patterns' and 'recent 7 days of interactions,' which implies analysis of prior conversation/activity data without clearly disclosing that personal interaction history will be observed and processed. This creates a privacy-transparency issue: users may trigger a playful personality quiz without understanding that historical behavioral data is being profiled.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger terms include very common phrases such as "MBTI", "性格诊断", and "你是什么性格", making accidental invocation likely during ordinary conversation. Because this skill inspects recent conversation history and memory, overbroad activation increases the chance of unexpected profiling or disclosure without clear user intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs itself to review the user's last 7 days of conversation history and memory, but the user-facing description and triggers do not clearly disclose this behavior. Users may believe they are getting a lightweight quiz while the skill performs retrospective profiling, undermining informed consent and creating privacy risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples explicitly state that the diagnosis is based on the user's recent 7-day interaction history, but they do not disclose what data is being inspected, how much is retained, or whether the user has consented to that analysis. In a personality-profiling context, this can normalize covert behavioral analysis and expose users to privacy harms or unexpected inference from prior conversations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example includes a shell command that performs git pull or git clone from a remote GitHub repository directly into the local skill directory, with no warning about trust, review, or local system effects. Encouraging users to run third-party installation commands without verification creates supply-chain and local code execution risk if the repository is compromised or maliciously changed.

Missing User Warnings

Low
Confidence
93% confidence
Finding
This is a repeat of the same remote installation command, again presented without safety guidance. Although duplicative, repetition increases the chance that users will copy and execute the command casually, reinforcing unsafe installation behavior.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill mines recent conversations and memory for personality profiling, then instructs the model to present "diagnostic evidence" based on actual user behavior. Even with some filtering, this can surface sensitive disclosures, emotional content, relationship details, or other personal patterns back to the user or in a shareable screenshot, causing privacy leakage and unwanted inference.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal