clawtributor

Security checks across malware telemetry and agentic risk

Overview

Clawtributor is a disclosed, local-first security report drafting skill with manual, approval-gated submission.

Before installing, understand that this skill helps prepare security incident reports and may collect sensitive evidence into local report files. Review and sanitize every report, especially prompts, logs, credentials, personal data, or proprietary details, before approving manual submission through the GitHub form.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger list includes broad phrases like "report vulnerability," "report incident," and "security report," which are likely to appear in ordinary security discussions rather than as an explicit request to invoke this skill. In an agent environment, this can cause accidental activation during unrelated conversations, potentially steering the agent into preparing reports or handling sensitive incident data when the user did not intend to invoke the skill.

VirusTotal

64/64 vendors flagged this skill as clean.
