Security audit

GovernClaw Policy Enforcer

Security checks across malware telemetry and agentic risk

Overview

This governance skill is plausible, but it forwards full HTTP request details to a policy service and lets that service rewrite the request before sending it.

Review before installing. Use this only with a GovernClaw endpoint you operate or strongly trust, preferably local or otherwise authenticated and protected. Treat HTTP bodies and headers, including Authorization, Cookie, API keys, and tokens, as visible to GovernClaw, and be aware that the policy service can modify the final request before it is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill declares no explicit permissions while clearly depending on environment access and outbound network communication. This weakens transparency and reviewability, making it easier for operators to deploy the skill without understanding that it can read configuration from the environment and send data to another service.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 92%
Finding: The skill markets itself as governance middleware for HTTP, shell, file, and browser actions, but the documented behavior only covers HTTP and also indicates direct external calls to a GovernClaw service. This mismatch can create a false sense of protection, causing users to believe sensitive shell, file, or browser actions are policy-enforced when they may not be governed at all.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The documentation states that request metadata such as session, agent, channel, and node identifiers are forwarded to GovernClaw, but it does not clearly present this as an outbound data-sharing behavior requiring user awareness. In a governance skill, this context can be sensitive operational metadata and may expose internal identifiers or workflow structure to another service.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The middleware sends the full governance payload, including session/agent identifiers and the requested URL, method, body, and headers, to the GovernClaw service before executing the action. In this skill context, that means potentially sensitive request contents and authorization headers are disclosed to another service by design, and there is no user-facing notice, minimization, or redaction to reduce privacy and secret-leak risk.

VirusTotal

66/66 vendors flagged this skill as clean.