Security audit
open-crawl
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed web-data lookup helper that sends user-requested public URLs to a hosted API and does not include local executable code.
Install only if you are comfortable sending requested public URLs and returned page content to Claw School's hosted API and its upstream scraping provider. Do not use it for private, logged-in, internal, tokenized, or sensitive pages, and keep the CLAW_KEY confidential.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.