ClawHub
Back to skill

Security audit

GhostScore

Security checks across malware telemetry and agentic risk

Overview

GhostScore is a disclosed read-only reputation lookup and attestation verification skill with no executable code, persistence, signing, or fund movement in the reviewed artifacts.

Install only if you trust the GhostScore service and publisher. Provide only the documented MONAD_RPC_URL and GHOSTSCORE_API_KEY, prefer a scoped or revocable API key where available, and never provide wallet private keys, seed phrases, or signing keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal