Security audit

DashClaw Governance Protocol

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only DashClaw governance skill that changes agent workflow and records audit context through a configured DashClaw MCP server.

Install this only if you want DashClaw governance to control the agent’s workflow. Before using it, confirm the DashClaw MCP server is trusted, review enabled capabilities and approval policies, and understand that audit records and handoff/learning notes may retain sensitive task context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list contains broad terms such as 'governed agent', 'guard policy', and 'session lifecycle' that could cause this governance skill to activate in conversations where the user is merely discussing governance concepts rather than requesting governed execution. Because the skill changes agent behavior globally and instructs the agent to load policy context and alter action handling, overbroad activation can unexpectedly inject control logic into unrelated tasks and expand the attack surface for prompt-triggering or context confusion.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.