ClawHub

Arc Sentinel

Security checks across malware telemetry and agentic risk

Overview

Arc Sentinel is a broad security-auditing skill that handles sensitive local security checks, but the reviewed behavior is disclosed and aligned with that purpose.

Install only if you want a local security-audit toolkit with broad read access to credential and configuration metadata. Treat reports and JSON output as sensitive, review results before sharing them, enable HIBP only for accounts you are authorized to monitor, and use cron or heartbeat execution only if you want recurring scans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation instructs users to run shell scripts that perform network operations, but the skill declares no permissions. This creates a transparency and consent failure: operators and policy systems cannot accurately assess or constrain what the skill will do before execution, increasing the chance of unintended external access or command execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose presents the skill as a security monitoring tool, but the described/observed behavior extends into broader host inspection, local service enumeration, config harvesting, and auditing other installed skills. That mismatch is dangerous because users may authorize a narrower repo or infrastructure scan while the skill gathers significantly more sensitive host-level information than expected.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill tells users to configure breach monitoring with an email address and optionally query HaveIBeenPwned, but it does not warn that the email address will be transmitted to a third-party service. This is a privacy and compliance risk because operators may unknowingly disclose personal or organizational identifiers externally during routine scans.

Unsafe Defaults

Medium
Category
Tool Misuse
Content
# Check for world-writable files in home directory (top level only)
echo ""
echo -e "${BOLD}Checking for world-writable files in home...${RESET}"
world_writable=$(find "$HOME" -maxdepth 2 -type f -perm +002 2>/dev/null | head -20) || true
if [[ -n "$world_writable" ]]; then
    while IFS= read -r wf; do
Confidence
82% confidence
Finding
world-writable

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal