Security audit

Clawrank

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only self-scoring rubric; its main risk is accidental activation or optional score tracking, not harmful system access.

Install this if you want agents to produce structured self-assessments. Prefer invoking it explicitly, since phrases like "how'd you do" may trigger it unintentionally, and avoid including sensitive user or project details in scoring evidence if using peer review or weekly tracking.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes broad, natural phrases such as "rate your performance," "how'd you do," and "score check," which can appear in ordinary conversation and cause the skill to activate unexpectedly. Because this skill steers the agent into self-evaluation behavior, unintended activation can distract from the user’s actual request, override normal task flow, or leak internal-style assessment content when not explicitly requested.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal