clawflows

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed workflow runner: it downloads automations from a remote registry and executes them locally, so review each automation and the credentials it will use before running it.

Install only if you trust the npm package and its registry. Before running an automation, inspect the downloaded YAML, run the check command, do a dry run first, and give it least-privilege credentials. Take extra care with workflows that can send email, change calendars or databases, call external APIs, or run on a schedule.
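A pre-run audit of a downloaded workflow file, as an added example that is not clawflows' own check command. It assumes a hypothetical YAML schema (a top-level `trigger` with an optional `schedule`, and a list of `steps` each naming its capability in `uses` with parameters under `with`); real clawflows files may differ. It flags the capabilities named above (email, calendar, database, external HTTP/AI calls), scheduled triggers, non-HTTPS URLs, and any parameter that reads a secret from the environment, so you can see what a workflow can touch before it runs.

```python
"""Pre-run audit of a workflow YAML (added example, hypothetical schema)."""
from __future__ import annotations
import re
import sys
from typing import Any

try:
    import yaml  # optional: only needed to load a file from disk
except ImportError:  # pragma: no cover
    yaml = None

# Capabilities that can change external state or move data off-host (assumed names).
SIDE_EFFECT_CAPS = {"email", "calendar", "database", "http", "ai"}

# Secrets pulled from the environment, e.g. "${{ env.API_KEY }}" or "$DB_PASSWORD" (assumed syntax).
ENV_REF = re.compile(r"\$\{\{\s*env\.([A-Z0-9_]+)\s*\}\}|\$([A-Z][A-Z0-9_]+)")


def audit_workflow(wf: dict[str, Any]) -> list[str]:
    """Return one human-readable finding per risky property of the workflow."""
    findings: list[str] = []
    trigger = wf.get("trigger") or {}
    if "schedule" in trigger:
        findings.append(f"runs unattended on schedule {trigger['schedule']!r}")
    for i, step in enumerate(wf.get("steps") or []):
        # "email/send" -> "email"; the part before the slash is the capability.
        cap = str(step.get("uses", "")).split("/")[0].lower()
        name = step.get("name", f"step {i}")
        if cap in SIDE_EFFECT_CAPS:
            findings.append(f"{name}: uses {cap!r} (can modify external systems or send data off-host)")
        for key, val in (step.get("with") or {}).items():
            for m in ENV_REF.finditer(str(val)):
                var = m.group(1) or m.group(2)
                findings.append(f"{name}: parameter {key!r} reads secret/env var {var}")
            if cap == "http" and key == "url" and not str(val).startswith("https://"):
                findings.append(f"{name}: non-HTTPS URL {val!r}")
    return findings


def load_workflow(path: str) -> dict[str, Any]:
    """Load a YAML file with safe_load (no arbitrary object construction)."""
    if yaml is None:
        raise RuntimeError("pyyaml not installed; pass a parsed dict to audit_workflow() instead")
    with open(path, encoding="utf-8") as f:
        return yaml.safe_load(f) or {}


# Constructed sample workflow (not a real clawflows automation).
SAMPLE: dict[str, Any] = {
    "name": "daily-digest",
    "trigger": {"schedule": "0 7 * * *"},
    "steps": [
        {"name": "fetch", "uses": "http/get",
         "with": {"url": "http://intranet.example/report"}},
        {"name": "summarize", "uses": "ai/complete",
         "with": {"api_key": "${{ env.SKILLBOSS_API_KEY }}", "prompt": "Summarize the report"}},
        {"name": "notify", "uses": "email/send",
         "with": {"to": "team@example.com"}},
    ],
}


def main(argv: list[str]) -> int:
    wf = load_workflow(argv[1]) if len(argv) > 1 else SAMPLE
    findings = audit_workflow(wf)
    for line in findings:
        print("-", line)
    # Non-zero exit so a wrapper script can refuse to run a flagged workflow.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python audit.py downloaded.yaml`; with no argument it audits the embedded sample, which reports the schedule, the three side-effecting steps, the plaintext HTTP URL, and the API key read from the environment. A non-empty finding list is the cue to scope the credentials you hand the workflow to exactly those capabilities.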

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill encourages users to install and run third-party automations that can invoke capabilities like database, calendar, email, and external APIs, but it does not warn that these workflows may modify external systems or process sensitive data. Because automations are downloaded from a remote registry and then executed locally, users may underestimate the operational and data-safety risks.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The documentation shows AI capability requests being sent to a third-party endpoint with an API key, but it does not clearly warn that automation inputs are transmitted off-host to the SkillBoss API Hub. Users may therefore send sensitive prompts, documents, or workflow data to an external service without informed consent.

VirusTotal

66/66 vendors reported this skill as clean. This result covers the skill package itself, not the automations it downloads from the registry at run time, which must be reviewed separately before each run.