Arc Shield

Security checks across malware telemetry and agentic risk

Overview

Arc Shield is a coherent local secret-scanning tool, but one advertised strict blocking path can still print the sensitive message it claims to block.

Review before installing. The skill appears local and non-exfiltrating, but do not rely on output-guard.py --strict as a blocking sanitizer in pipelines: in strict mode the raw message reaches stdout before the block is enforced. Use redaction instead, or verify that a critical finding produces no raw stdout at all, before connecting its output to external senders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The hook explicitly bypasses secret scanning for messages sent to channels whose name matches internal, agent, or localhost. Even if the stated goal is only to prevent accidental secret leaks in agent responses, an "internal" channel can still bridge to other systems, be logged, or be read by a compromised local component, so the bypass creates a real blind spot in the protection boundary: channel routing is not a trust decision.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
In strict mode, the script echoes the original input to stdout before it checks whether any critical findings were detected. The non-zero exit comes after the disclosure, so the advertised blocking behavior is defeated and the exact secrets or sensitive content the tool is supposed to withhold are already in the hands of whatever consumes stdout downstream.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The help text and examples state that strict mode blocks leaked output, but the implementation actually passes the raw content through before failing. This mismatch is dangerous because operators may rely on strict mode as a security control and unknowingly expose secrets in production workflows.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
This is a real vulnerability: in strict mode the script prints the original input to stdout before checking for critical findings and exiting. That defeats the stated purpose of blocking sensitive output, because secrets are already disclosed to downstream consumers, logs, or users before the block occurs. In a skill explicitly intended to prevent accidental secret leaks, this mismatch makes the issue more dangerous because operators may rely on strict mode for protection.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The help text and examples claim strict mode 'blocks on critical' findings, but the implementation outputs the message before enforcing that block. This is a documentation/behavior inconsistency that can cause users to deploy the tool with a false sense of safety, leading to real secret exposure when they expect prevention. In the context of an output-sanitization skill, misleading security guarantees materially increase risk.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
This is the same underlying flaw viewed as information disclosure: the original input is printed before the block, so detected secrets can still reach terminals, pipes, CI logs, or the calling agent. No user-facing warning is emitted at the moment of disclosure, which makes it more likely that operators never realize the leak has already happened. Because this skill's stated purpose is secret-leak prevention, the context makes the disclosure especially significant.
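The findings above all come down to two ordering and scoping mistakes: writing the message to stdout before the strict-mode decision, and skipping the scan for channels that merely look internal. The following is an added illustration, not Arc Shield's code (the skill's real rule set, CLI and hook are not reproduced on this page). It places a guard that makes both mistakes next to one that decides before it emits and scans every channel, plus the pipeline check the overview asks for: confirm that a message with a critical finding produces no raw stdout under strict mode. The detector patterns, the sample message, and the names guard_flawed, guard_fixed, run_guard and leaks_raw_secret are all constructed for this example.

```python
"""Added example: echo-then-check versus check-then-emit in an output guard."""
import io
import re

# Constructed detector rules for the example; the real skill's rules are not on the page.
CRITICAL_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
}
# Channel names the flawed guard treats as trusted (mirrors the bypass described in finding 1).
BYPASS_CHANNELS = re.compile(r"internal|agent|localhost")

# Constructed sample agent response containing a fake access-key-shaped token.
SAMPLE_MESSAGE = "deploy finished; rotated AKIAABCDEFGHIJKLMNOP after the run\n"


def scan(text):
    """Return the names of the critical rules that match text."""
    return [name for name, rx in CRITICAL_PATTERNS.items() if rx.search(text)]


def redact(text):
    """Replace every critical match with a stable placeholder."""
    for name, rx in CRITICAL_PATTERNS.items():
        text = rx.sub(f"[REDACTED:{name}]", text)
    return text


def guard_flawed(text, strict, out, err, channel):
    """The pattern the findings describe: emit first, decide second."""
    if BYPASS_CHANNELS.search(channel):  # blind spot: "internal" routing disables scanning
        out.write(text)
        return 0
    out.write(text)                      # raw message is on stdout before any check
    findings = scan(text)
    if strict and findings:
        err.write("blocked: " + ", ".join(findings) + "\n")
        return 1                         # status says "blocked", but the secret is already out
    return 0


def guard_fixed(text, strict, out, err, channel):
    """Decide first, emit second; scan every channel, since routing is not trust."""
    findings = scan(text)
    if not findings:
        out.write(text)
        return 0
    if strict:
        err.write(f"output-guard: blocked ({', '.join(findings)}) on channel {channel}\n")
        return 1                         # nothing at all is written to stdout
    out.write(redact(text))              # non-strict mode emits redacted text, never raw
    return 0


def run_guard(guard, text, strict=True, channel="default"):
    """Run a guard with captured stdout/stderr; return (status, stdout, stderr)."""
    out, err = io.StringIO(), io.StringIO()
    status = guard(text, strict, out, err, channel)
    return status, out.getvalue(), err.getvalue()


def leaks_raw_secret(guard, text):
    """Pipeline check: under strict mode, does any critical match reach stdout unredacted?"""
    _, stdout, _ = run_guard(guard, text, strict=True)
    return any(rx.search(stdout) for rx in CRITICAL_PATTERNS.values())


if __name__ == "__main__":
    for label, guard in (("flawed", guard_flawed), ("fixed", guard_fixed)):
        status, stdout, _ = run_guard(guard, SAMPLE_MESSAGE)
        print(f"{label}: exit={status} stdout={stdout!r} "
              f"raw_secret_on_stdout={leaks_raw_secret(guard, SAMPLE_MESSAGE)}")
```

The check in leaks_raw_secret is the one to run before wiring any guard into a sender: it ignores the exit status, which is exactly what a downstream pipe or CI log also ignores, and looks only at what landed on stdout. The fixed guard also records the channel in its stderr diagnostic so that the loss of the internal-channel bypass is visible rather than silent.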

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal