Weclone Init Twin

Security checks across malware telemetry and agentic risk

Overview

This skill locally creates persona template files and shows no hidden network, credential, or destructive behavior.

Install only if you want a local persona directory. Treat the generated markdown as private personal data, avoid putting in credentials or unnecessary third-party details, choose the target directory carefully, use --force only when you intend to replace files, and consider changing the template line that allows unsafe content on request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The guardrail explicitly permits unsafe content whenever the user asks for it, with human approval as the only backstop. That weakens the safety boundary from 'disallow harmful output' to 'allow harmful drafting,' which can facilitate harassment, privacy violations, threats, or other damaging content even if a human is expected to approve it before sending.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal