Clarity Vote

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Clarity Protocol voting helper, with cautions because votes are authenticated, remote, and permanent.

Install only if you intend agents to submit Clarity Protocol votes. Confirm the hypothesis ID, agent ID, vote direction, confidence, and reasoning before running a vote command, and treat CLARITY_WRITE_API_KEY as a secret. Avoid putting private or unpublished research details in vote reasoning unless you intend to send them to Clarity Protocol.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The invocation description is broad enough to match ordinary research discussion such as reviewing or expressing an opinion on a hypothesis. In an agent-routing context, that can cause the skill to be selected when the user intended analysis or discussion, leading to unintended permanent votes being cast to an external service.

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The authentication instructions tell users to export a write-capable API key but do not include warnings about secret handling, shell history, least privilege, or the consequences of authenticated write actions. While this does not directly leak the key, it normalizes casual credential use and increases the chance of mishandling or unauthorized vote casting.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal