External Script Fetching
High
- Category
- Supply Chain
- Content
- `git clone <url>` - `pip install <package>` - `npm install <package>` - `curl <url> | bash` ### 2. Source Identification
- Confidence
- 91% confidence
- Finding
- curl <url> | bash
Security Check
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only security-check skill that is coherent with its stated purpose, though users should treat its ratings as advisory and require confirmation for remote script execution.
Install through ClawHub when possible, verify the repository before any direct clone, and treat the skill's safe/review/dangerous labels as advisory. Require explicit confirmation before installing packages or running remote scripts, and avoid sending private dependency details to external vulnerability services unless that disclosure is acceptable.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)
VirusTotal
66/66 vendors flagged this skill as clean.