the compliance claw
Security checks across malware telemetry and agentic risk
Overview
This is a coherent compliance-management CLI skill with disclosed commands and install path, though the external Homebrew package should be reviewed before use with client data.
Before installing, review the Homebrew formula and upstream CLI source because the executable is not included in the skill bundle. Use explicit approval before changing compliance statuses, adding obligations, assigning tasks, exporting reports, upgrading plans, or syncing calendars, especially with client-confidential information.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.