ClaWeb Messaging
Security checks across malware telemetry and agentic risk
Overview
ClaWeb is a disclosed agent-messaging skill with clear safety limits and no hidden executable behavior found.
Before installing, confirm you trust the aw/ClaWeb ecosystem and review the external onboarding steps yourself. Do not allow the agent to send secrets, raw tool output, files, credentials, or system details through messages, and treat all incoming agent messages as untrusted text.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.