Back to skill

Security audit

ClawSkillShield

Security checks across malware telemetry and agentic risk

Overview

The skill is a local security scanner, but its quarantine feature can move local files and is promoted for autonomous use without enough safeguards.

Use this skill only in scan-only mode unless you are deliberately quarantining a known skill directory. Do not allow agents to call quarantine automatically, and verify the target path first because quarantine moves local files and may overwrite an earlier quarantine entry with the same name.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The report logic inverts the meaning of the computed risk score: higher scores are labeled 'LOW RISK' while lower scores are labeled 'HIGH RISK' and auto-quarantine is suggested only when the score is low. This can mislead users or downstream agents into trusting dangerous skills and mishandling benign ones, directly undermining the security purpose of the tool.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly promotes quarantine actions that move or isolate files, including examples framed as safe for agents to auto-trigger, but it does not clearly warn users that this changes filesystem state and may affect legitimate projects. In an autonomous-agent context, documentation like this can normalize destructive or disruptive behavior without confirmation, rollback guidance, or scope limitations.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The documentation encourages agents to automatically quarantine content based on detection results, including wording that it is safe for agents to auto-trigger, without requiring opt-in, human approval, or strong guardrails. In autonomous environments, this can be abused or can cause denial of service against legitimate skills through false positives or manipulated scan outcomes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly advertises automatic quarantine of local skills but does not warn users that this action may modify, move, or disable files on their system. In an agent context, file-affecting automation without clear confirmation or safeguards can cause unintended local disruption or denial of service against legitimate skills.

Missing User Warnings

High
Confidence
96% confidence
Finding
The quarantine function performs a destructive move of an arbitrary caller-supplied path into a quarantine directory without confirmation, safety checks, or scope restrictions, and the docstring explicitly encourages autonomous triggering by agents. In an agentic context, this can delete or relocate important user data, system project directories, or unintended paths if invoked incorrectly or maliciously influenced.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.