Security audit

Cashclaw Reputation Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent reputation-management assistant, but users should handle collected review content carefully.

Install only if you are comfortable using an npm CLI for reputation monitoring. When using it, avoid storing more review text than needed, redact names and sensitive details in shared reports, respect each platform's terms, and treat healthcare, employment, legal, and other sensitive reviews with extra care.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly directs collection of reviewer names and full review text, which can contain personal data, health details, employment issues, or other sensitive third-party information, yet it provides no minimization, retention, consent, or platform-terms guidance. In a multi-platform aggregation workflow, this creates a realistic privacy/compliance risk because operators may copy, store, and redistribute personal data into reports and response drafts without safeguards.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal