ClawHub

ClawSec

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned as a security proxy helper, but it asks users to decrypt HTTPS traffic and install a trusted CA without enough containment or cleanup guidance.

Install or use this only if you trust and have reviewed the actual ClawSec Monitor implementation. Prefer per-process CA settings over system-wide trust, route only the agents you intend to monitor, protect and delete /tmp/clawsec logs when finished, and remove any trusted CA or Docker volume after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to enable HTTPS interception via a locally generated CA and to trust that CA system-wide, but it does not provide adequate warnings about the security and privacy consequences. Installing a new trusted root CA expands the machine's trust boundary and enables decryption of otherwise protected TLS traffic, which is highly sensitive if misused, leaked, or left installed.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
-k /Library/Keychains/System.keychain /tmp/clawsec/ca.crt

# Ubuntu / Debian
sudo cp /tmp/clawsec/ca.crt /usr/local/share/ca-certificates/clawsec.crt
sudo update-ca-certificates

# Per-process (no system trust required)
Confidence
88% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Ubuntu / Debian
sudo cp /tmp/clawsec/ca.crt /usr/local/share/ca-certificates/clawsec.crt
sudo update-ca-certificates

# Per-process (no system trust required)
export REQUESTS_CA_BUNDLE=/tmp/clawsec/ca.crt   # Python requests
Confidence
88% confidence
Finding
sudo

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal