clklog快速部署

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward ClkLog deployment guide; its main risk is that the deployed product handles user behavior analytics and needs privacy controls configured by the operator.

Reasonable to install if you want help deploying ClkLog. Before using it with real users, confirm lawful basis or consent for analytics collection, minimize collected identifiers, configure retention and deletion processes, restrict dashboard and database access, and review the official ClkLog Docker/source configuration before starting services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README explicitly promotes extensive tracking, profiling, and data export of user behavior across web, app, and business systems, but provides no accompanying privacy, consent, retention, or sensitive-data handling guidance. In a user-analytics product, this omission increases the risk of unlawful or unsafe deployment, overcollection, and misuse of personal data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal