Clawteam

Security checks across malware telemetry and agentic risk

Overview

This is a minimal coming-soon team-matching skill with no executable code; the only notable issue is a broad trigger phrase.

This version appears safe to install from a security perspective, but it is also only a placeholder. Review future versions carefully if they add profile ingestion, contact matching, network services, persistent storage, or access to private workspace data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The phrase "I need a cofounder" is also broad and may activate on casual discussion, advice-seeking, or narrative mentions rather than an actual request to use this skill. This increases the risk of misrouting user intent and can make agent behavior unreliable or intrusive if the skill engages without sufficient contextual confirmation.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The phrase "I need a cofounder" is also broad and may activate on casual discussion, advice-seeking, or narrative mentions rather than an actual request to use this skill. This increases the risk of misrouting user intent and can make agent behavior unreliable or intrusive if the skill engages without sufficient contextual confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal