Proof of Work

Security checks across malware telemetry and agentic risk

Overview

This is a local verification helper with an optional Ollama quality check; the main caveat is unclear privacy disclosure around that check, not hidden or malicious behavior.

Install from the bundled files, not a remote curl-to-bash snippet. Keep check paths limited to agent output folders, review logs if outputs are sensitive, and only use `--ai-check` on files you are comfortable sending to your configured Ollama/model runtime.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Context-Inappropriate Capability

Severity: Medium (94% confidence)

Finding
The optional AI quality check reads up to 2000 bytes from the target file and sends that content to `ollama run llama2` for analysis. Even if Ollama is local, this is a data-sharing boundary beyond simple validation, and the script does not constrain what kinds of files may be analyzed, so sensitive contents could be exposed to another service or model runtime.

Missing User Warnings

Severity: Medium (85% confidence)

Finding
The README advertises AI-powered quality checks via Ollama/Heartbeat Kit but does not clearly warn that checked file contents may be transmitted to another local or remote processing component. Users may enable the feature on sensitive agent outputs without understanding the privacy and data-handling implications, creating an avoidable disclosure risk.

Missing User Warnings

Severity: Medium (95% confidence)

Finding
The script's `--ai-check` path sends file content to Ollama but the implementation itself does not present a strong user-facing disclosure at the point of use about content being shared with an AI service. In an agent skill context, that matters more because users may run the tool on arbitrary workspace outputs that can contain credentials, proprietary data, or personal information.

VirusTotal

65/65 vendors flagged this skill as clean.