ClawHub

Data Source Audit

Security checks across malware telemetry and agentic risk

Overview

This is a construction data-audit helper with disclosed filesystem use and no evidence of hidden execution, exfiltration, destructive behavior, or persistence beyond optional local exports.

Install this only if you intend to audit construction data sources. Provide specific approved files or folders rather than broad filesystem access, avoid including secrets or credentials in survey data, and review any exported Excel/CSV/JSON reports before sharing because they may contain sensitive system inventory and business-process details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill is scoped very broadly as a 'comprehensive audit of all construction data sources and systems' without clear activation boundaries, approval gates, or limits on what systems and data may be inspected. In an agent context, this can lead to over-collection of sensitive enterprise metadata or unintended enumeration of internal systems, especially since the examples encourage organization-wide discovery and reporting.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The quick-start example writes an Excel file to the local filesystem without any warning, confirmation, or safe-output guidance. In an agent setting, even a simple local write can create unintended persistence of potentially sensitive audit results, overwrite existing files, or violate user expectations about non-modifying analysis actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal