Back to skill

Security audit

Claudius

Security checks across malware telemetry and agentic risk

Overview

Claudius is a disclosed crypto question-answering bridge that sends user prompts to its remote API and shows no evidence of local credential access, persistence, or destructive behavior.

Install only if you are comfortable sending crypto questions and your IP address to Claudius-operated servers. Do not include seed phrases, private keys, exchange API keys, wallet addresses tied to private activity, account details, or proprietary trading plans, and treat any buy/sell guidance as informational rather than professional financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README encourages unconstrained natural-language use across messaging platforms without clearly defining what data may be sent, what actions are supported, or what safety boundaries apply. In a crypto advice context, broad prompting can cause users to disclose sensitive financial intent or rely on recommendations without understanding that requests are processed by a centralized service, increasing privacy and social-engineering risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The early description says the skill bridges user messages to the Claudius engine but does not clearly warn users up front that message contents are sent to centralized servers for processing. Because this skill operates through private messaging apps and handles potentially sensitive trading questions, that omission can mislead users about data flow and reduce informed consent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill invites use for broad market-analysis questions such as general sentiment and trends, creating a trigger surface that can match vague user requests not clearly intended for this skill. Unintended invocation can route unrelated prompts into an external script, causing unnecessary data exposure and unexpected behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Example phrases like 'What's the market looking like?', 'Market sentiment', and 'What's trending in crypto?' are broad and conversational, increasing the chance of accidental activation from ordinary speech. In a skill that executes a script with the user's query, this can unnecessarily pass user text into tooling and produce irrelevant or privacy-impacting side effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill forwards raw user queries to a third-party remote API, but the code provides no user-facing disclosure or consent mechanism. In an agent-skill context, users may assume local processing and unknowingly send sensitive prompts, credentials, wallet data, or proprietary information to an external service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.