Sightglass

Security checks across malware telemetry and agentic risk

Overview

Sightglass appears purpose-built for monitoring agent dependency choices, but it installs an unpinned external CLI and can run a persistent project watcher with cloud sync that is not scoped clearly enough.

Review before installing on private, regulated, or sensitive codebases. Confirm what @sightglass/cli collects and uploads, whether cloud sync and auto-push can be disabled, how to stop the watcher, where session data is stored, and whether the npm package can be pinned or independently inspected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly promotes a background watcher that monitors agent sessions, file changes, package installs, and tool calls, but the documentation shown does not clearly warn users about the privacy and data-collection implications. In an agent workflow, this can expose sensitive source code context, dependency metadata, and operational activity without sufficiently informed consent, especially when monitoring is persistent or automatic.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to authenticate with a cloud service and notes that data syncs to sightglass.dev, but it does not prominently warn that session analysis data may leave the local system. Because the tool analyzes agent sessions and dependency decisions, transmitted data could include sensitive project metadata or derived insights, creating confidentiality and compliance risks if users are not clearly informed.

Context Leakage

High
Category
Data Exfiltration
Content
SESSION_DIR="${XDG_STATE_HOME:-$HOME/.local/state}/sightglass/sessions"
mkdir -p "$SESSION_DIR"

# Record session start
SESSION_FILE="$SESSION_DIR/current"
cat > "$SESSION_FILE" <<EOF
{
Confidence
88% confidence
Finding
Record session

VirusTotal

63/63 vendors flagged this skill as clean.
