Back to skill

Security audit

clawtributor

Security checks across malware telemetry and agentic risk

Overview

Clawtributor is a coherent security-reporting skill that prepares local incident reports and gates external submission on user approval.

Before installing, understand that this skill may help draft reports containing sensitive security details. Review and sanitize every report carefully, and only submit it externally when you intentionally approve doing so.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes broad natural-language phrases such as 'report vulnerability', 'report incident', and 'security report' that are likely to collide with ordinary user requests rather than uniquely invoking this skill. In an agent framework, this can cause unintended activation of the reporting workflow, which is especially sensitive here because the skill is security-themed and may prepare or encourage disclosure of incident details for external submission.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.