Clawscan Vigil

Security checks across malware telemetry and agentic risk

Overview

The skill is a local security scanner, but it needs Review because dynamic scanning executes scanned skill code by default inside the scanner process with weak containment.

Install only if you are comfortable scanning untrusted skills with dynamic analysis disabled or in a disposable environment. Prefer running with --no-dynamic unless you trust the target skill or can sandbox the scanner process; also expect local quota/license files under ~/.clawscan.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

exec() call detected

High

Category: Dangerous Code Execution
Content: return findings # Execute in sandbox exec(compiled, restricted_globals) self.trace.completed = True except Exception as e:
Confidence: 94% confidence
Finding: exec(compiled, restricted_globals)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 77% confidence
Finding: The documented behavior goes beyond pure security scanning into licensing, quota enforcement, local state storage under the user home directory, and premium feature gating, none of which are clearly reflected in the declared purpose. This mismatch can mislead users about what the skill actually does and what data or files it may modify, reducing informed consent and trust.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal