Claw Def

Security checks across malware telemetry and agentic risk

Overview

This appears to be a security-protection skill, but it claims automatic interception and cloud threat reporting without clearly explaining scope, controls, or data handling.

Review this before installing. Confirm whether it actually runs, what permissions it receives, what runtime actions it can block or log, and whether any source code, behavior traces, file paths, hashes, or metadata are sent to a cloud service. Avoid following the token-in-URL publishing example; use GitHub CLI, SSH, or a credential helper instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The checklist instructs users to embed a GitHub token directly in a remote URL (`https://TOKEN@github.com/...`) and to export a token in the shell without any warning about shell history, process exposure, or credential leakage via `.git/config`. This can lead to accidental token disclosure in command history, logs, screenshots, or repository configuration, enabling unauthorized access if the token is reused or overprivileged.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation states the skill auto-enables after installation while describing invasive security capabilities such as runtime interception, file protection, permission management, and security logging, but it does not clearly disclose consent, scope, defaults, or operational side effects. This creates a real transparency and trust problem: users may install it expecting passive protection but instead grant immediate active control over execution and data handling without informed approval.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document promotes a cloud threat library and threat reporting workflow that appears to send code and behavior data to a remote service, but it does not disclose what data leaves the machine, when transmission occurs, or what consent and retention controls exist. In a security product, undisclosed outbound transfer is especially sensitive because analyzed code may contain secrets, proprietary logic, or user data, creating privacy and data-exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.
