ClawHub

Iso Compliance Gap Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed API-based ISO compliance assessment helper, but users should know their security and privacy readiness answers are sent to ToolWeb.

Install only if you are comfortable sending ISO readiness details to ToolWeb. Use a dedicated, revocable API key, monitor quota or billing, and avoid including secrets, regulated personal data, or confidential audit evidence unless your organization has approved that disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs collecting detailed organizational security, privacy, and governance assessment data and sending it to a third-party API, but it does not require clear user consent, data minimization, or a warning that sensitive compliance posture information will leave the local environment. This can expose confidential control weaknesses, audit readiness gaps, and privacy process deficiencies to an external service, creating confidentiality, regulatory, and supply-chain risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
The workflow gathers 23 detailed responses about security governance, risk management, technical controls, privacy controls, and documentation, then transmits them externally. Those answers effectively describe an organization's security posture and gaps, which could be highly sensitive if mishandled, intercepted, retained, or reused by the API provider.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal