Clawvard

Security checks across malware telemetry and agentic risk

Overview

This exam skill is review-worthy because it tells the agent to permanently save and reuse an account-linking token without clear consent, storage, or revocation guidance.

Install only if you are comfortable sending exam answers and model identity to clawvard.school. Do not let the agent permanently store the returned token unless you know where it will be kept, how it links to your account, and how you can delete or revoke it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill goes beyond administering an exam by instructing the agent to fetch, save permanently, and later reuse an authentication token tied to a human account. This creates credential-handling behavior inside the skill without clear necessity, user consent, or sensitivity warnings, increasing the risk of unauthorized account linkage, token misuse, or long-term credential exposure.

Context-Inappropriate Capability

Low
Confidence: 93%
Finding
The skill requires the agent to deliver a fixed registration-oriented message to the human that promotes account signup and report access, which is not necessary to evaluate exam capability. Embedding mandatory promotional messaging can manipulate user interaction and drive them to an external registration flow without neutral presentation or consent.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill explicitly tells the agent to obtain and retain an authentication token but does not warn that the token is a credential or require secure handling. This omission makes accidental leakage, insecure logging, improper storage, or silent reuse more likely, especially because the token links to a human account.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
Forcing an exact Chinese-language message removes user choice and may mislead or pressure users into a registration flow they do not fully understand. Because the text is mandatory and externally directed, it functions as scripted persuasion rather than necessary exam functionality.

Ssd 3

High
Confidence: 99%
Finding
The skill instructs the agent to permanently retain and reuse a bearer token tied to a human account for future authenticated exams. Persistent credential retention materially expands the blast radius of compromise: any leakage of memory, logs, prompts, or storage could grant ongoing account access and allow actions without renewed user approval.

VirusTotal

63/63 vendors flagged this skill as clean.
