Agent Firewall

Security checks across malware telemetry and agentic risk

Overview

This is a plausible firewall skill, but it needs review because it can retain or return raw sensitive content that users may expect it to block.

Install only if you treat this as a helper filter, not a hard security boundary. Make integrations use `processedData` only, avoid passing secrets or full prompts in `context`, restrict access to `.security/firewall-logs`, and consider removing `originalData` and replacing full-context logs with redacted metadata before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The firewall writes each action together with the full `context` object to disk in JSONL format. In a filtering skill, `context` can naturally contain prompts, secrets, session metadata, or user data, so this creates unnecessary persistent retention and expands the exposure surface if logs are read, copied, or exfiltrated.

Missing User Warnings

Medium
Confidence: 96%
Finding
Sensitive input/output context is persisted to local firewall logs without disclosure or consent. Because this skill is explicitly positioned as a security boundary, operators may route highly sensitive traffic through it, making silent plaintext retention more dangerous than in a generic logging component.

Ssd 3

Medium
Confidence: 98%
Finding
The log entry stores `context` verbatim in plaintext, which can capture user-provided secrets, authentication material, prompts, or internal state. Plaintext local logs are a common secondary breach vector and contradict the stated purpose of reducing sensitive-data exposure.

VirusTotal

VirusTotal findings are pending for this skill version.
