RescueClaw

Security checks across malware telemetry and agentic risk

Overview

RescueClaw appears purpose-aligned, but it automatically installs a remote executable daemon without integrity verification and overstates checkpoint protection in its helper documentation.

Install only if you trust the RescueClaw publisher and its GitHub release pipeline. Prefer a version with published checksums or signatures, manual install steps, and clear daemon start/stop/uninstall controls. Treat checkpoint success claims cautiously unless the skill verifies that the daemon is running and has acknowledged each checkpoint request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The comment is misleading because the installer does perform network download and archive extraction by invoking shell commands through execSync. More importantly, it downloads and installs a release artifact from the network without any integrity verification such as a checksum or signature check, so a compromised release, account, or transport endpoint could result in arbitrary code being installed on the user's machine.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The module-level documentation claims safety behavior that the implementation does not itself enforce: it only writes a local JSON request file and deletes it later, while actual monitoring and rollback are delegated to an external RescueClaw component. In a security or safety checkpoint skill, this mismatch can cause operators or higher-level agents to take risky actions under a false assumption that automatic recovery is guaranteed, which can directly increase the chance of destructive or unrecoverable operations.

External Script Fetching

High
Category
Supply Chain
Content
/**
 * Post-install hook for RescueClaw skill
 * Downloads the correct binary from GitHub Releases for the user's platform.
 * No curl | bash — pinned versioned URL, platform-detected.
 */

const { execSync } = require('child_process');
Confidence
95% confidence
Finding
curl | bash

VirusTotal

66/66 vendors flagged this skill as clean.
