ClawHub
Back to skill

Security audit

Duru Prompt Shield

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate local prompt-injection guardrail, but the package is incomplete enough that it may fail open while claiming protection.

Install only if you treat it as an incomplete advisory guardrail. Before relying on it, add or obtain audited rule files, create .env yourself from trusted values, and do not assume it blocks prompt injection just because the wrapper scripts run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal