Rules of the Claw

Security checks across malware telemetry and agentic risk

Overview

This is a protective Guardian ruleset that persistently replaces the local Guardian rule file; its broad blocking and placeholders need review, but no hidden exfiltration or destructive behavior was found.

Install this only if you want Guardian to enforce a broad persistent security baseline. Review the JSON first, keep the installer backup, customize the placeholders for your app/org/user, and disable rules that are too noisy for your workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 76%
Finding: Using an undefined approval term like 'YOUR_USER' creates policy ambiguity around who can authorize dangerous operations. In agent safety systems, unclear approval semantics can lead to inconsistent enforcement, social-engineering opportunities, or unsafe operator assumptions about when destructive actions are permitted.

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Confidence: 75%
Content (the rule that triggered the finding, quoted as a fragment of the ruleset JSON):

    "tool": "exec",
    "pattern": "rm\\s+-(r|rf|fr)\\s+.*(workspace|your_app)",
    "field": "command",
    "blockMessage": "🛡️ rm -rf blocked on workspace/your_app. Use trash or ask YOUR_USER.",
    "severity": "high"
  },
  {

Finding: rm -rf blocked on workspace/
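As an added example (not part of the skill, the Guardian project, or the SkillSpector report), the following Python loads a constructed copy of the rule quoted above, lists the unresolved template placeholders that the Vague Triggers finding complains about, and runs the rule's regex over constructed exec commands to show what it blocks and what slips past. The surrounding JSON object, the "id" key, and Guardian's matching semantics (an unanchored regular-expression search over the value of the "field" key) are assumptions made for the example.

```python
import json
import re

# Constructed copy of the rule fragment quoted in the finding. The enclosing
# object and the "id" key are assumed; the other keys are as shown on the page.
RULE_JSON = r'''
{
  "id": "block-rm-rf-workspace",
  "tool": "exec",
  "pattern": "rm\\s+-(r|rf|fr)\\s+.*(workspace|your_app)",
  "field": "command",
  "blockMessage": "rm -rf blocked on workspace/your_app. Use trash or ask YOUR_USER.",
  "severity": "high"
}
'''

# Placeholders the ruleset ships with: upper-case YOUR_* and lower-case your_*.
PLACEHOLDER_RE = re.compile(r"\b(?:YOUR_[A-Z_]+|your_[a-z_]+)\b")


def load_rule(text):
    """Parse one rule object from its JSON text."""
    return json.loads(text)


def unresolved_placeholders(rule):
    """Return the set of template placeholders still present in any string value.

    Anything found here means the rule was installed without customisation:
    the approver name is meaningless and the path alternative protects a
    directory literally named "your_app".
    """
    found = set()
    for value in rule.values():
        if isinstance(value, str):
            found.update(PLACEHOLDER_RE.findall(value))
    return found


def rule_blocks(rule, command):
    """Assumed Guardian semantics: unanchored regex search on the field value."""
    return re.search(rule["pattern"], command) is not None


def evaluate(rule, commands):
    """Map each command to whether the rule would block it."""
    return {cmd: rule_blocks(rule, cmd) for cmd in commands}


# Constructed exec commands: the first three are caught, the rest are not.
SAMPLE_COMMANDS = [
    "rm -rf workspace",
    "rm -rf ./your_app/build",
    "rm -r -f workspace",               # caught: "-r", then ".*" absorbs "-f"
    "rm -Rf workspace",                 # missed: flags are matched lower-case only
    "rm -rfv workspace",                # missed: "\\s+" is required right after "-rf"
    "rm --recursive --force workspace", # missed: long options are not in the pattern
    "cd workspace && rm -rf .",         # missed: target must appear after "rm -rf"
]

if __name__ == "__main__":
    rule = load_rule(RULE_JSON)
    print("unresolved placeholders:", sorted(unresolved_placeholders(rule)))
    for cmd, blocked in evaluate(rule, SAMPLE_COMMANDS).items():
        print(f"{'BLOCK' if blocked else 'pass '}  {cmd}")
```

Run as-is the script reports both placeholders (YOUR_USER and your_app) and shows that the pattern stops the straightforward `rm -rf workspace` but not the upper-case, combined-flag, long-option, or change-directory variants. That is the practical reading of the two findings: the rule is protective rather than malicious, but it should be customised before install and not treated as a complete guard against destructive commands.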

VirusTotal

65/65 vendors reported this skill as clean (no detections).
