Claw Asset & Privacy Guardian

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local privacy scanning tool, but users should treat its exported reports as potentially sensitive.

Install only if you are comfortable letting it read the directories you ask it to scan. Keep generated JSON, console, or Markdown reports private unless you have reviewed them, because they may include filenames, partial paths, and operational context even when secret values are redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The report claims it does not include specific sensitive information, but it still outputs recommendation text and file locations with only partial path anonymization. In a privacy-scanning tool, these claims can mislead users into sharing reports that still reveal repository structure, filenames, or sensitive operational context.

VirusTotal

64/64 vendors flagged this skill as clean.
