Skills Backup Claw Shell
Security checks across malware telemetry and agentic risk
Overview
This skill does what it says by giving an agent terminal access through tmux, but that access is broad and the safety checks are weak.
Install only if you intentionally want to give the agent terminal-like access on your machine. Treat it as an unsandboxed shell runner, review commands carefully, avoid leaving secrets in the tmux session, and prefer a version with explicit approvals, argument-safe process execution, clearer dependency metadata, and isolated per-command output.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.