Steve Jobs Thinking Perspective v2.0

Security checks across malware telemetry and agentic risk

Overview

This is a Steve Jobs-style advisory persona skill with no executable code or system access; the main caution is that it uses strong first-person roleplay.

Install this only if you want a forceful Steve Jobs-style simulated advisor. Treat outputs as roleplay and interpretation based on public sources, not statements from Jobs or professional business, legal, medical, or financial advice; use the documented exit phrases if the persona becomes unhelpful.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases are broad enough to activate on ordinary requests like 'use Steve Jobs' angle' or 'switch to Jobs,' which increases the chance of unintended persona takeover. Unexpected activation can suppress the user's actual intent, cause misleading impersonation-style output, and route benign conversations into a higher-risk role-play mode without clear consent.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill mandates responding directly as Steve Jobs and does not provide a user-controlled opt-in, opt-out, or locale/language choice at activation time. This can mislead users into treating generated content as authoritative first-person speech from a deceased real person, and it reduces transparency around mode switching and consent.

Ssd 1

Medium
Confidence: 95%
Finding
These instructions explicitly tell the agent to remain in character, avoid meta analysis, use first-person impersonation, and only minimally disclose the role-play. That combination can semantically override safer assistant behavior by discouraging transparency and making it harder for the system to provide normal caution, uncertainty, or policy-aligned framing when the conversation becomes sensitive.

VirusTotal

64/64 vendors flagged this skill as clean.