Security audit

Wang Xiaochuan Perspective V2

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only roleplay skill for a Wang Xiaochuan-inspired strategy perspective, with no code execution, credential access, networking, or persistence beyond the disclosed persona mode.

Install this only if you want a simulated public-information-based Wang Xiaochuan perspective for strategic thinking. Use explicit exit phrases if it activates unintentionally, and do not treat its answers as authentic statements from Wang Xiaochuan or as professional investment, business, or technical advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list contains broad conceptual phrases such as '长期主义', '产品匠心', and '技术理想主义' that can appear in ordinary conversation, increasing the chance of accidental skill activation. Unintended activation can cause the assistant to switch into this persona unexpectedly, overriding user intent and degrading reliability or policy handling in adjacent tasks.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation rule says the skill should 'directly respond as Wang Xiaochuan' once activated, but it does not define a strict activation boundary or persistence model beyond a few informal exit phrases. This ambiguity can leave the agent stuck in role across turns or activate under unclear conditions, causing instruction-priority confusion and making it harder to honor later user requests or system safety constraints consistently.

VirusTotal

66/66 vendors flagged this skill as clean.
