Yeeth Claw

Security checks across malware telemetry and agentic risk

Overview

This skill installs a disclosed Claude Code package-install security hook, with optional external analysis only when the user configures Argus credentials.

Install only if you want Claude Code package installs checked and sometimes blocked. Leave the Argus environment variables unset unless you trust the configured endpoint to receive package names, ecosystem, age, similarity target, and install-script status for blocked packages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README states that blocked packages may be submitted to the Argus API for full analysis, but it does not clearly disclose what data leaves the local environment. In a security hook that inspects developer package installs, transmitted metadata could include package names, ecosystem, risk signals, command context, or other analysis details that may reveal internal project dependencies or investigation activity to an external service.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill states that blocked packages may be submitted to the Argus API for full static analysis, but it does not give an explicit privacy/security warning about sending package metadata or related context to an external service. In a supply-chain security tool, users may expect local analysis, so silent or underexplained exfiltration to a third party increases confidentiality and compliance risk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal