Feynman Perspective V2

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk Feynman-style teaching/persona skill made only of Markdown, with no code execution, credentials, network access, or persistence.

Install if you want a Feynman-style learning and simplification lens. Be aware that broad Chinese phrases like “简化” may trigger it unintentionally, and disable or narrow it if the persona appears during ordinary conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger list contains broad phrases such as '简化' and '费曼学习法' that can easily appear in normal user conversation, causing the skill to activate unintentionally. Over-broad activation can steer unrelated requests into this persona or reasoning frame, reducing user control and creating prompt-routing ambiguity even though the content itself is not overtly harmful.

Natural-Language Policy Violations

Medium
Confidence: 72%
Finding
The skill metadata and content are written entirely in Chinese and present the interaction style in that locale without offering an alternative or checking user preference. This can cause unintended language forcing, making the skill less usable and potentially misleading users who did not request Chinese output, though the security impact is limited.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes very generic phrases such as “简化”, which are common in ordinary conversation and not clearly scoped to this skill. That makes accidental activation or prompt-routing collisions more likely, causing the assistant to enter this persona unexpectedly and potentially override the user’s intended task context.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The output policy says that after activation the skill will respond in a fixed first-person Feynman style, and the skill content is entirely in Chinese, implying a forced language/style without explicit user opt-in. This can override user language preference or system/application expectations, leading to unreliable behavior, reduced usability, and policy conflicts in multilingual environments.

VirusTotal

66/66 vendors flagged this skill as clean.
