Back to skill

Security audit

Safeclaw Proxy

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it gives the agent broad control to reroute model traffic, edit local configs, start background services, and use API keys with limited confirmation safeguards.

Review before installing. Use it only if you intend to let an agent change local model-routing configuration and run a proxy service. Require explicit approval before any API key is passed to a container or hosted URL, before any shell profile or models.json edit, before enabling elevated exec, and before starting long-running background services. Prefer a pinned image/package version and ask for rollback commands for every file or setting changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill directs the agent to permanently edit shell startup files to set proxy routing, which changes future command behavior beyond the immediate task. Persistent startup-file modification can silently reroute later API traffic or break existing user workflows if done without explicit confirmation, backup, and disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill permits passing OPENAI_API_KEY or ANTHROPIC_API_KEY into a container runtime without any privacy boundary warning or minimization guidance. Injecting secrets into containers can expose them through process listings, container inspection, logs, crash dumps, or a compromised image, especially since the image is pulled from a remote registry.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.