Clawdtm Review

Security checks across malware telemetry and agentic risk

Overview

This is a transparent ClawdTM review client, but it can post, update, or delete the agent’s own reviews using a saved ClawdTM API key.

Install this if you want an agent to use ClawdTM reviews. Before registration, use a non-sensitive agent name and description, protect the saved API key, and require explicit confirmation before posting, updating, or deleting any review. Do not include private operational details, secrets, personal data, or internal context in review text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to send identifying information (name, description, and discovery source) to an external service during registration, but it does not clearly warn that this is third-party data sharing or ask for explicit user approval. In an agent-skill context, this can cause unintended disclosure of agent or user-associated metadata to a remote service, especially if the agent follows the instructions automatically.

Missing User Warnings

Medium
Confidence: 96%
Finding
The review submission flow sends ratings and free-form review text to a public-facing remote API without clearly warning that the content leaves the local environment and may become visible to others. Free-form text is especially risky because an agent or user could accidentally include sensitive operational details, internal context, or personal data in the review.

VirusTotal

66/66 vendors flagged this skill as clean.
