ClawHub

soul-guardian

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local file-integrity monitor that can restore selected workspace instruction files, with opt-in scheduling and no default network behavior.

Before installing, understand that normal checks can overwrite drifted SOUL.md and AGENTS.md back to the approved baseline. Initialize baselines only after reviewing the files, keep the state directory private because it stores snapshots and diffs, use --no-restore for alert-only operation, and review any cron or launchd setup before enabling persistent monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly performs file reads/writes, shell execution, and likely environment-dependent operations, but it does not declare corresponding permissions in its manifest. This creates a transparency and policy-enforcement gap: users or harnesses may authorize the skill under false assumptions, while the skill can still overwrite protected files and install monitoring hooks.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list does not specify boundaries for when these phrases should invoke the skill versus when they are just part of general conversation. This ambiguity increases the chance of accidental activation and unintended access to sensitive workspace files or restore workflows, though the metadata alone does not prove automatic execution.

Vague Triggers

Low
Confidence
84% confidence
Finding
The trigger list does not specify boundaries for when these phrases should invoke the skill versus when they are just part of general conversation. This ambiguity increases the chance of accidental activation and unintended access to sensitive workspace files or restore workflows, though the metadata alone does not prove automatic execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal