ClawMon
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only trust-score lookup skill that contacts a hosted ClawMon API and shows no credential access, code installation, persistence, or hidden behavior.
This looks reasonable to install if you want an advisory trust lookup for MCP skills. Be aware that queried skill IDs go to a publisher-operated hosted API, and do not treat a high ClawMon score as a substitute for reviewing permissions, source, and task sensitivity before using another skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
61/61 vendors flagged this skill as clean.