Lieutenant - AI Agent Security

Security checks across malware telemetry and agentic risk

Overview

Lieutenant is a coherent AI-agent security scanner, with the main caution that optional API mode sends scanned content to a remote service.

Install only if you trust the Lieutenant SDK/repository and the TrustAgents service. Use local mode for private prompts, secrets, or sensitive agent cards; use --api only when remote analysis is acceptable, keep API keys scoped, and do not set TRUSTAGENTS_API_URL to an endpoint you do not control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'api_url' from os.environ.get (line 35, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
    if semantic:
        payload["semantic_analysis"] = "fast"

    response = requests.post(
        f"{api_url}/verify/text",
        json=payload,
        headers=headers,
Confidence
91% confidence
Finding
response = requests.post( f"{api_url}/verify/text", json=payload, headers=headers, timeout=30, )

Missing User Warnings

Medium
Confidence
95% confidence
Finding
API mode sends the full scanned text to a remote service, but the CLI does not present a clear runtime warning, consent prompt, or prominent indication that input leaves the local machine. Because this tool is specifically meant to scan potentially sensitive agent communications and prompts, silent transmission can expose confidential data or regulated content unexpectedly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
When --api is used, the tool sends the full agent card to an external verification service without an explicit transmission warning or confirmation at the point of use. Since agent cards may contain sensitive metadata, prompts, URLs, or internal descriptions, this can cause unintended data disclosure by users who assume verification is entirely local.

VirusTotal

66/66 vendors flagged this skill as clean.
