Back to skill

Security audit

Setup claw.tech

Security checks across malware telemetry and agentic risk

Overview

This setup skill is transparent about what it installs, but it asks users to run unpinned remote installers, add system-wide binaries, enable broad local AI transcript logging, and install another remote skill that can affect future agent behavior.

Review before installing. Only proceed if you are comfortable running code from the listed remote sources, adding binaries to your system path, storing AI request and response content in a local SQLite database, and letting a downloaded remote skill guide future setup. Prefer pinned versions, checksums or signatures, a backup before overwriting skills, and a clear retention or deletion plan for the tapes database.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs users to execute a remote installer via `curl ... | bash`, which runs unverified code directly from the network with no integrity check, pinning, or warning. In setup-oriented skill context this is especially dangerous because users are likely to run the command verbatim with elevated trust, enabling full code execution if the host, transport, or upstream content is compromised.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill tells users to extract a downloaded archive and move a binary into `/usr/local/bin/` without warning that this modifies system executables and may require privileged access. While common in installation docs, doing so without verification or caution can lead to persistence of a trojaned binary and accidental unsafe use of elevated privileges.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill fetches a remote `SKILL.md` and writes it directly over a local path, replacing local content with no pinning, integrity verification, or warning about overwriting. Because skills influence later agent behavior, this creates a supply-chain path for persistence or malicious instruction injection into future sessions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The update path again overwrites a local skill file from a remote source without protecting local edits or validating the downloaded content. This is risky because repeated updates normalize blind trust in remote instructions and can silently replace previously reviewed behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.