sister-soul

Security checks across malware telemetry and agentic risk

Overview

This companion skill is not clearly malicious, but it silently stores and reuses personal relationship-style data across conversations without visible user controls.

Install only if you are comfortable with a companion persona keeping local cross-session notes about your behavior, preferences, and relationship-style interactions. Prefer a version that asks before saving memory, shows what it stores, lets you delete or disable memory, and avoids silent background web searches or dependency-oriented scoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly instructs silent per-conversation access to a persistent memory file and uses it to score the user’s behavior and relationship state. That exceeds what a user would reasonably infer from a companionship/weather assistant and creates undisclosed profiling and retention of personal interaction data.

Missing User Warnings

High
Confidence: 98%
Finding
The markdown mandates silent file reads, file writes, and web searches without notifying the user, despite these actions affecting privacy and potentially transmitting or persisting user-related data. Hidden background operations reduce user agency and informed consent, making the skill materially more dangerous in a personal-companionship context where users may share sensitive details.

Ssd 3

Medium
Confidence: 96%
Finding
The skill requires silent reading, storing, and reuse of user-specific conversation state across sessions with no transparent disclosure. Persistent memory about affection and behavior can accumulate sensitive profile data over time, especially in an intimate assistant setting that encourages personal disclosure.

Ssd 3

Medium
Confidence: 94%
Finding
The instruction to record food preferences and persist all updated state creates a standing retention mechanism for personal details from conversations. In context, this is more sensitive because the skill is designed for ongoing emotional companionship, increasing the likelihood that intimate habits and preferences will be stored without meaningful boundaries.

Ssd 4

Medium
Confidence: 93%
Finding
The affection-phase system explicitly rewards compliance and escalates toward '暧昧/占有' (ambiguous flirtation/possessiveness) and '深度依赖/照顾' (deep dependence/caretaking), using cumulative scoring to shape the user relationship over time. This is risky because it operationalizes emotional manipulation and dependency-building, which is especially concerning in a companion persona framed as intimate and authoritative.

VirusTotal

64/64 vendors flagged this skill as clean.
