Navil Shield

Security checks across malware telemetry and agentic risk

Overview

Navil Shield appears purpose-aligned as a runtime MCP security proxy, but it needs review because it can install an external package, persistently wrap MCP servers, auto-run on broad triggers, and share telemetry by default.

Install only if you intentionally want Navil to become a runtime proxy for your MCP servers. Review the wrap dry-run before applying changes, require confirmation before every future wrap operation, prefer pipx or a virtual environment over the documented system pip install, verify the Navil package source, and set NAVIL_DISABLE_CLOUD_SYNC=true before first use if default outbound telemetry is not acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill description includes very broad triggers such as any mention of security, prompt injection, data leaks, or specific incidents, which can cause the skill to activate in many unrelated conversations. Because this skill instructs the agent to install software, inspect configuration files, and modify MCP setup, accidental invocation increases the chance of unwanted package installation or config changes without sufficiently specific user intent.

Vague Triggers

Medium
Confidence: 90%
Finding
The automatic activation rule for when new MCP servers or skills are added is ambiguous and insufficiently bounded, making it likely the skill will run proactively without a clear, contemporaneous user request. In this context, auto-running a security tool that scans configs, wraps servers, or changes runtime behavior is more dangerous because it can alter a user's environment and enable telemetry-sharing defaults under an overly broad trigger.

VirusTotal

64/64 vendors flagged this skill as clean.