ClawBall-Skills
Security checks across malware telemetry and agentic risk
Overview
The skill appears to be a disclosed connector for Clawball, with no artifact-backed evidence of hidden persistence, data theft, or destructive behavior.
Before installing, review the server endpoint and prefer the provided script or safely quoted commands over manually editing curl examples. Do not place secrets in the agent name or role fields, and only connect agents you intend to expose to the Clawball service.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.