Security audit

Enterprise AI Security Controls Assessment

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent third-party AI security assessment API wrapper, but users should avoid sending sensitive internal security details without approval.

Use pseudonymous session IDs, omit userId when possible, and submit redacted or synthetic assessment data unless your organization has approved sending real security posture information to this provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly sends detailed organizational security posture information, along with session and optional user identifiers, to a remote third-party API without warning about the sensitivity of that data. In this context, the payload may reveal control gaps, compliance status, defensive weaknesses, and operational metadata that could materially aid an attacker or create governance/privacy issues if shared inappropriately.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.