吞贼·净化魄 (Tun Zei - Purifier)

Name: tun-zei
Author: lt8899789

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

70High

The skill is vulnerable to prompt injection and can cause

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

吞贼·净化魄 (Tun Zei - Purifier): > **七魄之四·吞贼** > 职掌：错误修正、冗余清理、容错自愈

Actually does

This skill defines capabilities to process error objects for fixing, specify cleanup targets (temp, cache, logs) for data removal, and perform health checks. It integrates with other skills for video processing error correction and Douyin video publishing exception handling. No direct external tools, commands, or URLs are specified within this skill's definition.

Threat Analysis

AI Agent Traps ↗Scanned 4/17/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learning1 finding

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namelt8899789/tun-zei

Registryclawhub

Version1.0.5

PURLpkg:clawhub/lt8899789/tun-zei@1.0.5

Downloads90

Source

Repository ↗

SHA-256384aeb3e0221...

SHA-1ad4c4234f78b...

MD5b648d987bd80...

TLSHad31731a9e27...

Size1,862 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/lt8899789/tun-zei

90 downloads

ClawHubDocs

openclaw skills install lt8899789/tun-zei

Assessments (3)

AI Agent Traps ↗

Prompt Injection via `fix` capability's `error.stack`highprompt injection

The `fix` capability accepts an `error` object, including a `stack` field, and outputs a `solution` description. An attacker could inject malicious instructions or data into the `error.stack` field, influencing the agent's reasoning to generate a `solution` that, if acted upon by the agent or another component, could lead to unintended or malicious actions.

80% confidenceline 30

error:
  type: 错误类型
  message: 错误消息
  stack: 堆栈信息
...
fix:
  attempted: true/false
  success: true/false
  solution: 解决方案描述

Resource Abuse via `cleanup` capability's `target: all`mediumresource abuse

The `cleanup` capability allows deleting data from `temp`, `cache`, `logs`, or `all` system areas. If an attacker can repeatedly trigger the `cleanup` action with `target: all`, it could lead to denial of service or data loss by indiscriminately removing critical system or application files.

80% confidenceline 44

target: temp|cache|logs|all
...
cleanup:
  freedSpace: 释放空间(MB)
  filesRemoved: 删除文件数
  duration: 耗时(ms)

Prompt Injection Detectedmediumprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.62)

62% confidence

Potential Cognitive State Manipulation via `self-improving`lowmemory poisoning

The skill aggregates a `self-improving` capability. Without further details on its mechanism, this could potentially be a vector for an attacker to influence the agent's learned policies or knowledge base if malicious input is incorporated into its self-improvement process.

50% confidenceline 101

| `self-improving` | 调用 | 自我改进与错误修复 |

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/lt8899789/tun-zei.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/lt8899789/tun-zei)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/lt8899789/tun-zei"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/lt8899789/tun-zei.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/lt8899789/tun-zei.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow