Galileo TypeScript SDK

Security checks across malware telemetry and agentic risk

Overview

This documentation-only Galileo SDK skill is coherent with its observability purpose, but users should treat tracing as third-party data sharing.

Install this if you intend to use Galileo observability or evaluation. Before enabling automatic tracing, confirm what prompts, model outputs, retrieved documents, tool inputs and outputs, metadata, and session data may be sent to Galileo; avoid logging secrets, PII, PHI, customer content, or regulated data unless approved controls are in place. Prefer scoped API keys stored in a secret manager over username/password credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The skill strongly promotes automatic tracing, logging, and uploads to Galileo, and multiple examples include raw prompts, model outputs, retriever contents, and tool inputs/outputs. Without an explicit warning that this data may be transmitted to a third-party service, users may unknowingly send sensitive prompts, secrets, personal data, or proprietary documents off-platform, which is a real confidentiality and compliance risk in an observability SDK context.

Missing User Warnings

Severity: Low
Confidence: 82%

Finding: The documentation presents username/password authentication via environment variables as an alternative without cautionary guidance. While env vars are better than hardcoding, encouraging password-based auth can normalize weaker credential practices and increases the chance that long-lived account credentials are stored, reused, exposed in CI/CD, or mishandled instead of using scoped API keys or secrets management.
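The two findings above, and the guidance in the Overview, come down to two controls an integrator can enforce before any trace leaves the process: refuse username/password credentials in favour of an API key pulled from the environment (which a secret manager can populate), and scrub or drop sensitive fields from span payloads before export. The following is an added example written for this page; it is not Galileo SDK code. The span shape, the environment variable names (GALILEO_API_KEY, GALILEO_USERNAME, GALILEO_PASSWORD), the placeholder key value, the redaction patterns and the sample span are all assumptions for illustration; consult the SDK documentation for its actual configuration options and for where a pre-export hook can be attached.

```typescript
// Added example, not Galileo SDK code. Env variable names, span shape and
// patterns are assumptions; check the SDK docs for the real configuration.

export interface Span {
  name: string;
  input?: string;
  output?: string;
  documents?: string[];          // retriever results, often customer content
  metadata?: Record<string, string>;
}

export interface ExportPolicy {
  includeDocuments: boolean;     // false: retrieved documents never leave the process
  allowedMetadataKeys: string[]; // allow-list; every other metadata key is dropped
}

// Credentials: accept only an API key from the environment (hypothetical
// variable names). Username/password pairs are refused outright rather than
// silently accepted as a fallback.
export function loadCredentials(
  env: Record<string, string | undefined>,
): { apiKey: string } {
  if (env.GALILEO_USERNAME !== undefined || env.GALILEO_PASSWORD !== undefined) {
    throw new Error("refusing username/password auth; set GALILEO_API_KEY instead");
  }
  const apiKey = env.GALILEO_API_KEY?.trim();
  if (!apiKey) throw new Error("GALILEO_API_KEY is not set");
  return { apiKey };
}

// Illustrative patterns for material that must never appear in exported
// traces; extend them for the data your application actually handles.
const SECRET_PATTERNS: Array<[string, RegExp]> = [
  ["private_key", /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g],
  ["aws_access_key", /\bAKIA[0-9A-Z]{16}\b/g],
  ["bearer_token", /\bBearer\s+[A-Za-z0-9._~+/-]{16,}=*/g],
  ["email", /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g],
  ["ssn", /\b\d{3}-\d{2}-\d{4}\b/g],
];

// Replace every match with a labelled placeholder and report which pattern
// classes fired, so the caller can alert on them without seeing the values.
export function redactText(text: string): { text: string; hits: string[] } {
  const hits: string[] = [];
  let out = text;
  for (const [label, re] of SECRET_PATTERNS) {
    let count = 0;
    out = out.replace(re, () => { count += 1; return `[REDACTED:${label}]`; });
    if (count > 0) hits.push(label);
  }
  return { text: out, hits };
}

// Apply the policy to one span: redact free text, drop documents unless the
// policy allows them, and keep only allow-listed metadata keys.
export function sanitizeSpan(span: Span, policy: ExportPolicy): { span: Span; findings: string[] } {
  const findings: string[] = [];
  const clean: Span = { name: span.name };
  for (const field of ["input", "output"] as const) {
    const value = span[field];
    if (value === undefined) continue;
    const r = redactText(value);
    clean[field] = r.text;
    findings.push(...r.hits.map((h) => `${field}:${h}`));
  }
  if (span.documents !== undefined) {
    if (policy.includeDocuments) {
      clean.documents = span.documents.map((d, i) => {
        const r = redactText(d);
        findings.push(...r.hits.map((h) => `documents[${i}]:${h}`));
        return r.text;
      });
    } else {
      findings.push("documents:dropped");
    }
  }
  if (span.metadata !== undefined) {
    clean.metadata = {};
    for (const [k, v] of Object.entries(span.metadata)) {
      if (policy.allowedMetadataKeys.includes(k)) clean.metadata[k] = redactText(v).text;
      else findings.push(`metadata:dropped:${k}`);
    }
  }
  return { span: clean, findings };
}

// Gate the whole export: credentials are validated first, then each span is
// sanitized. Only the returned spans should be handed to the SDK.
export function prepareExport(
  env: Record<string, string | undefined>,
  spans: Span[],
  policy: ExportPolicy,
): { apiKey: string; spans: Span[]; findings: string[] } {
  const { apiKey } = loadCredentials(env);
  const findings: string[] = [];
  const cleaned = spans.map((s) => {
    const r = sanitizeSpan(s, policy);
    findings.push(...r.findings);
    return r.span;
  });
  return { apiKey, spans: cleaned, findings };
}

// Constructed sample span (not real trace data) and a placeholder key value.
const sampleSpan: Span = {
  name: "rag.answer",
  input: "Summarise the contract for bob@example.com; token Bearer eyJhbGciOiJIUzI1NiJ9.abc",
  output: "Draft sent. Internal key AKIAABCDEFGHIJKLMNOP should be rotated.",
  documents: ["Customer contract #4471 ..."],
  metadata: { request_id: "r-1", customer_email: "bob@example.com" },
};
export const demo = prepareExport(
  { GALILEO_API_KEY: "gk_example_placeholder" },
  [sampleSpan],
  { includeDocuments: false, allowedMetadataKeys: ["request_id"] },
);
```

In a real integration, pass `process.env` to `prepareExport` and treat a non-empty `findings` array as a signal to review what the application is putting into prompts and tool outputs, not merely as something to scrub. The regex list is a last line of defence; the allow-list on metadata and the `includeDocuments: false` default are what prevent whole classes of data from ever being exported.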

VirusTotal

66/66 vendors reported this skill as clean.
