musk-eeg

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local EEG/neuroscience lookup skill, but its celebrity-style medical-adjacent answers should be treated as educational, not clinical advice.

Install only if you are comfortable running a local Python script and supplying a trusted database ZIP. Verify the database source before first use, because the script will unpack it into the skill data folder. Treat answers as stylized educational summaries with citations to check, not medical advice, diagnosis, or treatment guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The skill promises sourced, retrieval-grounded answers for every claim, but its own examples and persona guidance include uncited assertions and analogical expansions that can exceed the retrieved Wikipedia content. In a neuroscience and medical-adjacent domain, this mismatch can mislead users into treating unsourced or speculative statements as verified facts.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The documentation says the model must only 'concatenate + translate' Wikipedia content, but the prescribed frameworks encourage extrapolation, probability estimates, and value-laden conclusions. That creates a prompt-level integrity failure where the agent may present speculative neuroscience or medical-adjacent claims as grounded retrieval output.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The script automatically extracts a ZIP archive into the local data directory at runtime, which is a filesystem-modifying side effect not implied by a simple read-only retrieval tool. If the ZIP file is replaced or tampered with, extraction can overwrite files or introduce unsafe content, and the code does not validate archive members or enforce safe extraction paths.
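The finding above is the one concrete code-level issue on this page: the skill unpacks a database ZIP into its data folder without checking member names, so a swapped or tampered archive can write outside that folder (the "zip slip" pattern). The following is an added example, not code from the musk-eeg skill or from SkillSpector, showing how an extraction routine should validate every member before writing anything. All file names (db/index.json, db/notes.txt, ../../evil.txt), the size cap and the demo() helper are constructed for this illustration; the approach is the standard one of resolving each member against the destination and refusing anything that escapes it, plus refusing symlink entries and capping bytes written.

```python
"""Added example (not the musk-eeg skill's own code): validate ZIP members
before unpacking a database archive into a skill data directory."""
import io
import os
import stat
import tempfile
import zipfile
from pathlib import Path


def is_safe_member(name: str, dest) -> bool:
    """True if archive member `name` would land inside `dest` after extraction.

    Rejects empty names, absolute paths, drive-letter paths and any '..'
    component by resolving the joined path and requiring it to remain under
    the resolved destination (the classic "zip slip" check).
    """
    dest = Path(dest).resolve()
    # Archives built on Windows sometimes carry backslashes; treat them as separators.
    normalized = name.replace("\\", "/")
    if not normalized or normalized.startswith("/") or os.path.splitdrive(normalized)[0]:
        return False
    target = (dest / normalized).resolve()
    try:
        target.relative_to(dest)
    except ValueError:
        return False
    return True


def safe_extract(zip_bytes: bytes, dest, max_total_bytes: int = 512 * 1024 * 1024) -> list:
    """Extract `zip_bytes` into `dest`, raising ValueError on any unsafe member.

    Every member is checked before the first write, so a tampered archive is
    rejected whole instead of partially overwriting the data folder. Symlink
    entries are refused (a symlink written first could redirect later writes),
    and bytes actually written are capped, since the declared file_size is
    attacker-controlled metadata.
    """
    dest = Path(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename, dest):
                raise ValueError(f"unsafe path in archive: {info.filename!r}")
            # The Unix mode bits live in the high 16 bits of external_attr.
            if stat.S_ISLNK(info.external_attr >> 16):
                raise ValueError(f"symlink in archive: {info.filename!r}")
        extracted = []
        written = 0
        for info in zf.infolist():
            target = dest / info.filename
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                while chunk := src.read(1 << 16):
                    written += len(chunk)
                    if written > max_total_bytes:
                        raise ValueError("archive exceeds size cap while extracting")
                    out.write(chunk)
            extracted.append(info.filename)
    return extracted


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: bytes} (constructed test input).

    zipfile stores a name such as '../../evil.txt' verbatim, which is what
    makes it usable here as a hostile archive.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Extract a benign archive, then attempt a traversal archive, in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "data"
        good = build_zip({"db/index.json": b"{}", "db/notes.txt": b"ok"})
        extracted = safe_extract(good, dest)
        # Constructed hostile archive: the second member tries to climb out of dest.
        bad = build_zip({"db/index.json": b"{}", "../../evil.txt": b"pwned"})
        try:
            safe_extract(bad, dest)
            rejected = False
        except ValueError:
            rejected = True
        files = sorted(p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file())
    return {"extracted": extracted, "rejected": rejected, "files": files}


if __name__ == "__main__":
    print(demo())
```

Running the module prints the demo result: the benign archive yields both members, the hostile one is rejected before any write, and the data directory afterwards contains only the two benign files. A practitioner auditing a skill like this would look for exactly these three properties in its extraction code: validation of every member before the first write, refusal of symlinks, and a bound on bytes written.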

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README presents the skill as able to answer questions about EEG, seizures, sleep disorders, depression, anxiety, and other medical topics in an authoritative persona, but only later includes a limited disclaimer that Musk is not a medical expert. That creates a real safety risk: users may over-trust stylized, simplified outputs for health decisions, especially in seizure, sleep apnea, or neuropsychiatric contexts where bad advice can delay proper care.

Natural-Language Policy Violations

Severity: Medium
Confidence: 87%
Finding
Forcing responses in Elon Musk's voice without opt-in increases impersonation and authority risk, especially in a neuroscience and health-adjacent context where users may over-trust the style as expertise. It also removes user control over tone and disclosure, making misleading roleplay more likely.

Natural-Language Policy Violations

Severity: Medium
Confidence: 90%
Finding
Mandating first-person Elon Musk roleplay strengthens the impersonation risk and can blur the line between sourced facts, opinion, and celebrity voice. In this subject area, that can amplify misinformation or unsafe overconfidence when discussing seizures, depression, consciousness, or medical interpretation.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger scope is extremely broad, spanning EEG, neuroscience, cognition, mental health, consciousness, sleep disorders, and general brain terms. Over-broad activation raises the chance that this persona-driven, retrieval-constrained skill will intercept queries outside its safe competence, producing misleading or inappropriate responses in sensitive medical contexts.

VirusTotal

67/67 vendors reported this skill as clean.
