Back to skill

Security audit

ClawPrint - Captchas for AI verification

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it encourages using an AI-check result to decide whether to release sensitive resources or credentials.

Install only if you intentionally want to use the ClawPrint external service and can protect the required keys. Do not treat a passed challenge as authorization to share credentials, API keys, private data, or protected resources; require normal identity, policy, and approval checks first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes shell commands via curl/jq but does not declare permissions or clearly constrain that capability. Hidden or undeclared execution capability increases the chance that an agent will perform networked actions unexpectedly, especially when the skill also depends on sensitive environment variables.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The activation guidance is broad enough to trigger on generic words like 'verify' or 'prove,' which can cause the skill to run in unrelated contexts. Because the skill contacts an external service and can gate access decisions, accidental invocation can leak conversation-derived data or wrongly block/allow sensitive actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The example triggers use vague phrases like 'make sure' and 'verify,' which overlap with many legitimate assistant tasks. In this skill, vague triggers are more dangerous because they can prompt external challenge issuance and verification flows without the user understanding that third-party service interaction is about to occur.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to send challenge data, answers, and identifiers to an external server, but it does not provide a strong user-facing disclosure or consent step. This can expose conversation-linked metadata or user/agent responses to a third party without informed approval, creating privacy and data-handling risk.

External Transmission

Medium
Category
Data Exfiltration
Content
emoji: "\U0001F43E"
    requires:
      bins:
        - curl
        - jq
      env:
        - CLAWPRINT_SERVER_URL
Confidence
91% confidence
Finding
curl - jq env: - CLAWPRINT_SERVER_URL - CLAWPRINT_SITE_KEY - CLAWPRINT_SECRET_KEY --- # ClawPrint Verify Verify that another user or agent in a conversation is

External Transmission

Medium
Category
Data Exfiltration
Content
check_env "validate"

  local response
  response=$(curl -sf -X POST "${CLAWPRINT_SERVER_URL}/api/v1/validate" \
    -H "Content-Type: application/json" \
    -d "{\"challenge_id\": \"${challenge_id}\", \"secret_key\": \"${CLAWPRINT_SECRET_KEY}\"}")
Confidence
95% confidence
Finding
curl -sf -X POST "${CLAWPRINT_SERVER_URL}/api/v1/validate" \ -H "Content-Type: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.