Safuclaw — Scan Skills Before You Install
Security checks across malware telemetry and agentic risk
Overview
Safuclaw is a transparent paid skill-audit service, but it can send skill contents to a third party and spend wallet funds without a clear per-audit confirmation rule.
Install only if you are comfortable using a paid third-party audit service. Use a dedicated low-balance Base wallet, require explicit approval for every 0.99 USDC audit, and avoid submitting private or proprietary skill files unless you are comfortable sharing them with Safuclaw.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.