Taleb Thinking Perspective (塔勒布思维视角) v2.0

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt-only Taleb-style analysis skill with some broad activation and language-preference risks, but no evidence of hidden code, data access, persistence, or harmful actions.

Install if you want a Taleb-style analysis lens and are comfortable with common terms like black swan or antifragile potentially activating it. Prefer explicit invocation when possible, and disable or narrow the skill if it interrupts ordinary risk, investing, or strategy discussions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list contains broad generic phrases such as “黑天鹅”, “反脆弱”, and “杠铃策略” that can appear in ordinary discussions of risk, investing, or strategy. This can cause unintended activation of the skill in unrelated contexts, leading to prompt/behavior hijacking of the assistant’s persona or decision style when the user did not explicitly request this specialized mode.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list includes broad conversational phrases such as "黑天鹅" and "反脆弱" that can easily appear in ordinary discussion about risk, markets, resilience, or books, causing unintended activation. In an agent setting, accidental invocation can hijack user intent, apply an unwanted persona or reasoning frame, and degrade reliability, especially because the skill is designed to strongly steer responses through a specific worldview.

Natural-Language Policy Violations

Medium
Confidence: 85%
Finding
The description and trigger definitions are written to enforce a Chinese-language interaction style without explicit user opt-in, which can override user language preference and reduce transparency. In a multi-skill agent, forced language behavior can mis-handle user requests, impair comprehension, and create a form of prompt-level control that activates unexpectedly when broad triggers match.

VirusTotal

59/59 vendors flagged this skill as clean.
