Taizi Claw Shell

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides a local shell tool, but its safety controls and tmux boundary are too weak for that level of access.

Install only if you intentionally want an agent to run local shell commands. Treat it as a raw shell interface, not a safe command runner; do not rely on its dangerous-command detection, and avoid using it around secrets or sensitive directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill executes arbitrary shell commands provided in input with only a weak denylist and no user-facing confirmation or disclosure for most commands. In an agent context, this is dangerous because benign-looking commands can still exfiltrate data, modify files, or run destructive shell features that bypass the simple keyword filter.

VirusTotal

62/62 vendors flagged this skill as clean.
