CloakClaw

Security checks across malware telemetry and agentic risk

Overview

CloakClaw appears to be a real privacy tool, but it automatically handles highly sensitive content through broad triggers, an unpinned external CLI, and temporary plaintext files.

Install only if you trust the npm cloakclaw package and are comfortable with automatic local processing of sensitive documents. Prefer explicit opt-in use, review cloaked output before sending it to a cloud model, enable password protection if available, and purge sessions after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The skill declares itself 'Always-on by default' and instructs use whenever a user attaches a document or mentions broad categories like legal, financial, HR, or medical content. This creates an overbroad automatic trigger surface where sensitive content may be processed or transformed without clear user consent, explicit confirmation, or narrow preconditions, increasing the chance of unintended handling of private data and unexpected behavior in normal conversations.

Vague Triggers

Severity: Medium
Confidence: 96%
Finding:
The auto-detection rules rely on ambiguous keywords and loose heuristics such as common legal or financial terms, dollar amounts, and 'multiple proper names + company names.' In a privacy proxy that automatically rewrites and re-injects content, these weak triggers can misclassify ordinary text, cause unnecessary sensitive-data processing, and lead to incorrect cloaking/decloaking flows that affect confidentiality or integrity of responses.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
When the input is raw text rather than an existing file, the wrapper writes the full sensitive content to a temporary plaintext file on disk before invoking the redaction tool. In the context of a privacy-focused skill intended to protect SSNs, financials, medical, and legal data, this creates a local data exposure window through disk persistence, temp-directory access, backups, crash artifacts, or incomplete cleanup, undermining the skill's core security promise.

VirusTotal

66/66 vendors flagged this skill as clean.
