ClawMe
Security checks across malware telemetry and agentic risk
Overview
This skill clearly discloses that it sends user-approved browser automation instructions to a Chrome extension, including actions in logged-in sessions.
Install only if you trust the ClawMe Chrome extension and backend. Because it can act in logged-in browser sessions, review every side-panel action carefully and avoid approving sensitive submissions, public posts, payments, or private-page extraction unless you are comfortable with the agent and backend handling that data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.