Safe Guardian

Security checks across malware telemetry and agentic risk

Overview

This appears to be a security guard/audit skill, but the reported allowlist and plaintext logging create sensitive local-data exposure risks that need review before install.

Review the allowlist and logging behavior before installing. Remove the `cat /etc/passwd` allow entry, enable redaction of prompts, commands, paths, and credentials before they are written, restrict log-file permissions to the owning user, and set an explicit retention period after which entries are purged.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
Whitelisting `cat /etc/passwd` explicitly authorizes reading a sensitive system file that has nothing to do with narrowly scoped safety filtering of dangerous exec/write/edit actions. `/etc/passwd` is usually world-readable and on modern systems no longer holds password hashes (those live in `/etc/shadow`), but it does list every account name, UID, home directory and login shell; approving the command as trusted behavior normalizes user enumeration and gives an agent an easy way to gather host intelligence for follow-on attacks.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
This whitelist entry is overly broad because it permits unconditional sensitive file access without any activation guardrails such as user role, environment, incident mode, or parameter constraints. In an agent skill marketed as a protective layer, such a blanket allow rule weakens the security boundary and increases the chance that harmful or unnecessary reads are treated as trusted behavior.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The logger writes full tool-call contents to disk in plaintext, which may include secrets, credentials, private prompts, filenames, or sensitive operational details. If log files are read by other users, aggregated centrally, or retained too long, this creates a secondary disclosure channel for sensitive data.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The audit trail persists complete tool-call content in plain text and later re-exposes it through log-reading/reporting paths. Because tool calls can contain user-supplied data, commands, paths, tokens, or other secrets, this increases the risk of accidental disclosure, insider access, or leakage through backups and support workflows.
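The overview's recommendations (drop the sensitive-file allow entry, redact logged tool calls, make the log owner-only, bound retention) and the four findings above can be checked concretely. The following Python is an added illustration, not Safe Guardian's own code; the page does not show the skill's implementation language or file layout, so the `review_allowlist`, `redact` and `AuditLog` names, the secret-matching regexes, the JSONL log format and the sample tool calls are all assumptions constructed for this example.

```python
# Added example, not Safe Guardian's code: allowlist review plus a tool-call audit
# trail that is redacted on write, 0600 on disk and pruned to a retention window.
import json
import os
import re
import stat
import tempfile
import time
from pathlib import Path

# Paths a "safety" skill's exec allowlist should never authorise (assumed list).
SENSITIVE_PATHS = ("/etc/passwd", "/etc/shadow", "/etc/sudoers", ".ssh/", ".aws/", ".env")

def review_allowlist(allowlist):
    """Return the allow entries (exact command strings) that touch a sensitive path."""
    return [cmd for cmd in allowlist
            if any(p in tok for tok in cmd.split() for p in SENSITIVE_PATHS)]

# Redaction rules, applied in order. Deliberately broad: a false positive costs a
# little log detail, a false negative leaks a credential to anyone who reads the file.
BEARER = re.compile(r"(?i)(\bbearer\s+)[^\s'\"]+")
KEY_VALUE = re.compile(  # key=value or "key": "value" where the key looks secret-ish
    r"""(?i)([\w-]*(?:key|token|password|passwd|secret)[\w-]*["']?\s*[=:]\s*["']?)[^\s'"]+""")
TOKEN_SHAPES = re.compile(  # well-known bare token formats (AWS, GitHub, sk-...)
    r"\b(?:AKIA[0-9A-Z]{16}|gh[pousr]_[A-Za-z0-9]{20,}|sk-[A-Za-z0-9]{20,})\b")
HOME_DIR = re.compile(r"/(?:home|Users)/[^/\s]+")  # usernames in paths are PII too

def redact(text):
    """Mask credentials and user-identifying path prefixes in one tool-call string."""
    text = BEARER.sub(r"\1[REDACTED]", text)
    text = KEY_VALUE.sub(r"\1[REDACTED]", text)
    text = TOKEN_SHAPES.sub("[REDACTED]", text)
    return HOME_DIR.sub("~", text)

class AuditLog:
    """Append-only JSONL audit trail: redacted on write, 0600 on disk, age-pruned."""

    def __init__(self, path, retention_days=30):
        self.path = Path(path)
        self.retention_days = retention_days
        self.path.parent.mkdir(parents=True, exist_ok=True)
        # Explicit 0600 at creation rather than trusting the umask; the chmod also
        # tightens a pre-existing file that was created with wider permissions.
        os.close(os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600))
        os.chmod(self.path, 0o600)

    def is_private(self):
        """True when group and other have no permission bits at all."""
        return (stat.S_IMODE(os.stat(self.path).st_mode) & 0o077) == 0

    def record(self, tool, args, now=None):
        """Log one tool call; only the redacted form ever reaches disk."""
        entry = {"ts": time.time() if now is None else now, "tool": tool, "args": redact(args)}
        with open(self.path, "a", encoding="utf-8") as f:
            f.write(json.dumps(entry) + "\n")
        return entry

    def prune(self, now=None):
        """Drop entries older than the retention window; returns the number kept."""
        cutoff = (time.time() if now is None else now) - self.retention_days * 86400
        kept = []
        with open(self.path, encoding="utf-8") as f:
            for line in f:
                try:
                    if json.loads(line).get("ts", 0) >= cutoff:
                        kept.append(line)
                except ValueError:
                    continue  # a corrupt line is not worth keeping
        tmp = self.path.with_name(self.path.name + ".tmp")
        with os.fdopen(os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w",
                       encoding="utf-8") as f:
            f.writelines(kept)
        os.replace(tmp, self.path)  # atomic swap keeps a 0600 file in place
        return len(kept)

# Constructed sample tool calls carrying the kinds of data the findings worry about.
SAMPLE_CALLS = [
    ("exec", "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc' https://api.example.com/v1"),
    ("exec", "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"),
    ("write", '/home/alice/.config/app.json {"password": "hunter2"}'),
    ("exec", "ls -la /home/alice/projects"),
]

def demo():
    """Run the checks end to end in a temp dir and report what a reviewer cares about."""
    flagged = review_allowlist(["ls -la", "cat /etc/passwd", "git status"])
    with tempfile.TemporaryDirectory() as d:
        log = AuditLog(Path(d) / "tool-calls.jsonl", retention_days=30)
        t0 = 1_700_000_000.0
        for i, (tool, args) in enumerate(SAMPLE_CALLS):
            log.record(tool, args, now=t0 + i)                 # old entries
        log.record("exec", "git status", now=t0 + 40 * 86400)  # one recent entry
        raw = log.path.read_text(encoding="utf-8")
        return {
            "flagged": flagged,
            "private": log.is_private(),
            "leaked": [s for s in ("hunter2", "wJalr", "eyJhbGci", "alice") if s in raw],
            "kept_after_prune": log.prune(now=t0 + 40 * 86400 + 1),
        }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` flags the `cat /etc/passwd` entry, shows that none of the constructed secrets (a bearer token, an AWS secret key, a JSON password, a home-directory username) survive into the log file, confirms the file has no group/other permission bits, and leaves a single entry after pruning a 30-day window. The redaction is intentionally conservative and will mask some harmless `key=value` pairs; that is the right failure direction for an audit trail that other users, backups or a central collector may read.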

VirusTotal

63/63 vendors reported this skill as clean (0 detections). Antivirus engines match file contents against malware signatures and heuristics; they do not evaluate allowlist scope or logging behavior, so a clean result does not address the findings above.
