Fuxi Skill

Security checks across malware telemetry and agentic risk

Overview

Fuxi is an instruction-only skill that openly generates positive, persona-style skill packages from public research. The scan raises bias and privacy caveats but found no hidden code, credential use, or destructive behavior.

Install only if you want a tool that creates curated, positive persona-style skills. Do not provide confidential, private, sensitive, minor-related, or proprietary source material unless you are authorized to use it, and review generated files and disclaimers before sharing or relying on them.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Description-Behavior Mismatch (Medium, 95% confidence)

The skill claims it only uses public internet materials, but it explicitly asks users for internal speeches, unpublished documents, and other first-hand materials. That creates a policy mismatch that can lead to ingestion of confidential or proprietary information and increases the risk of unauthorized retention, transformation, or redistribution of sensitive content into a generated skill.

Description-Behavior Mismatch (Medium, 95% confidence)

The prompt explicitly instructs the agent to extract only 'positive' and 'constructive' material, which creates a systematic bias that can misrepresent public figures and suppress relevant negative, controversial, or cautionary information. In a research skill, this undermines source fidelity and can be exploited to generate reputation-laundering outputs that appear evidence-based while being selectively curated.

Intent-Code Divergence (Medium, 92% confidence)

The 'hero journey' instruction directs the model to reinterpret setbacks as steps toward success, which can override faithful representation of source material and pressure the system into narrative spin. This is dangerous because it encourages fabrication by framing ambiguous or adverse evidence in a predetermined favorable storyline, increasing the risk of deceptive biographies or manipulative brand-building content.

Vague Triggers (Medium, 88% confidence)

The invocation examples are generic enough that the skill may trigger on ordinary user requests about summarizing or extracting ideas from public figures, causing unintended activation. In this skill's context, that matters because activation leads to broad web research and persona-style generation about named individuals, increasing privacy, reputation, and consent risks even when the user did not explicitly ask for that workflow.

Missing User Warnings (Medium, 95% confidence)

The README emphasizes convenience and one-click distillation but does not prominently warn that the system performs broad web research on named individuals and synthesizes a persona-like output from that data. In this context, the omission is more dangerous because the skill is specifically designed to profile real people at scale, which can create privacy, defamation, and misuse concerns if users do not understand the breadth of collection and transformation involved.

Vague Triggers (Medium, 82% confidence)

The trigger phrases are broad enough to match ordinary requests like summarizing or extracting lessons from a person, which can cause the skill to activate unexpectedly. Unintended activation is risky here because the skill then performs research, creates files, and generates persona-based outputs that the user may not have knowingly requested.

Missing User Warnings (Medium, 93% confidence)

The skill instructs the agent to create directories and research files in the current workspace without a prominent user-facing notice or confirmation. Silent filesystem modification can overwrite existing content, create unwanted artifacts, or surprise users who expected a purely conversational operation.

Missing User Warnings (Medium, 91% confidence)

The skill requires network-based research but does not clearly warn users that prompts, searched names, and potentially user-supplied materials may be transmitted to external services. In this context, the risk is elevated because the workflow explicitly combines web research with optional first-hand user materials, creating a realistic path for sensitive data exposure.

Vague Triggers (Medium, 91% confidence)

The activation condition is broad enough to trigger on ordinary user phrasing such as asking how a person would think about a topic, which can cause unintended persona loading. In this skill, that matters because the template directs the agent to answer in first person as the target person and to perform web research before responding, increasing the risk of unexpected role-play, misattribution, and unplanned tool use.

Natural-Language Policy Violations (Medium, 84% confidence)

The template content is written to produce a fixed Chinese-language skill structure without any visible mechanism to respect the user's language preference. While not a direct security exploit, this can cause instruction mismatch, user confusion, and degraded safety/compliance behavior if users cannot understand disclaimers, limitations, or role boundaries.

VirusTotal

62 of 62 vendors returned no detection for this skill.