ClawHub

Ning Gaoning Perspective V2

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese business-strategy persona skill with no code or privileged access; the main issue is that broad business phrases could activate the roleplay unexpectedly.

Use this skill as a simulated management-framework brainstorming aid, not as real statements from Ning Gaoning or as professional financial, legal, governance, or investment advice. Invoke it explicitly by name when you want the persona, and be aware that common business terms in the trigger list may activate it unintentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list contains generic business phrases such as '战略导向', '6S 管理', and '产业金融' that are broad enough to appear in ordinary enterprise discussions. This can cause unintended skill activation, unexpectedly switching the assistant into a roleplay/persona mode and overriding user intent, which is a real prompt-scope and reliability issue even though it is not overtly malicious.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The role instructions strongly prescribe a fixed persona style in Chinese without offering language choice, which can cause the assistant to ignore the user's preferred language or accessibility needs. This is primarily a usability and policy-compliance issue rather than a direct security exploit, but it can still lead to unintended behavior and reduced user control.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal