Munger Thinking Perspective (芒格思维视角) v2.0

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese Munger-style thinking aid with roleplay and usability caveats, but it does not request code execution, credentials, network access, file access, or privileged actions.

Install this if you want a Chinese-language Munger-inspired reasoning persona. Before relying on it, remember it is a simulation based on public material, not Charlie Munger, and its investment or decision feedback should be checked against current facts and professional advice where stakes are high.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill explicitly tells the agent to impersonate a real person in first person after acknowledging it is not actually that person. This can mislead users about authorship, authority, or endorsement, especially because the roleplay persists and the disclaimer is limited to the first activation only.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger rules are broad enough to activate on generic requests like asking for blind spots, cognitive biases, or inverse thinking, which can cause the skill to override normal assistant behavior in contexts the user did not clearly request. That creates consent and routing problems, and may unexpectedly force a strong persona, tone, and decision framework onto ordinary advice requests.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The skill prescribes Chinese output style and specific rhetorical constraints without checking the user's language preference. While not a severe security flaw, it can degrade user control, cause confusion, and increase the chance of unintended behavior if the surrounding conversation is in another language or requires a different tone.

VirusTotal

62/62 vendors flagged this skill as clean.