catchclaw-bak

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed CatchClaw agent package manager with powerful but purpose-aligned install, export, rollback, and optional credential behavior.

Install only agentars you trust. Prefer installing as a new agent instead of overwriting the main workspace, use --api-key only when needed because it creates a local plaintext credential file, and review exported ZIPs before sharing them, especially if using --include-memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The trigger condition is broad enough that merely mentioning "agentar" or "catchclaw" can activate the skill, even when the user may only be discussing those terms rather than requesting marketplace actions. In a skill that can search, install, export, or rollback agent workspaces, over-broad activation increases the chance of unintended tool invocation and exposure to destructive or privacy-impacting workflows.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The CLI writes a supplied API key to skills/.credentials on disk and only updates .gitignore, without warning the user about local secret persistence, setting restrictive file permissions, or offering a safer secret store. On multi-user systems or in environments with lax file protections, this can expose credentials to other local processes or users, and accidental packaging or copying may spread the secret further.

VirusTotal

65/65 vendors flagged this skill as clean.