Clawic CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent helper for using the Clawic CLI, with disclosed npm use, registry fetches, local installs, and optional local memory.

Install only if you trust the `clawic` npm package and the active registry. Prefer inspecting with `show` before `install`, use a scratch or project-specific destination, avoid `--force` unless replacement is intentional, and do not store secrets in `~/clawic/`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation encourages installing skills into the local filesystem and mentions that `--force` can bypass write failures, but it does not clearly warn that this can overwrite existing content in the destination path. In a tool that fetches and installs third-party skills, insufficient warning about destructive writes increases the chance of accidental file replacement or unsafe operator behavior.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation shows that `CLAWIC_REGISTRY_BASE_URL` can redirect the tool to any remote registry and explicitly states that the host and manifest shape are not validated, but it does not warn users about the trust implications. Because this skill is a CLI for discovering and installing content from GitHub, an unvalidated registry source could mislead users into installing attacker-controlled skills or metadata from an arbitrary endpoint.

VirusTotal

66/66 vendors flagged this skill as clean.
