SABSA Architecture

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SABSA assessment skill, but users should avoid submitting sensitive enterprise details unless they trust the service.

Before installing or using this skill, confirm you are allowed to share the proposed architecture assessment data with the provider. Prefer sanitized or high-level inputs, omit userId when possible, and do not include secrets, production identifiers, regulated data, or unnecessary internal security details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 95% confidence
Finding
The skill solicits detailed enterprise security architecture data, including asset classifications, locations, processes, and personnel details, but provides no warning about data sensitivity, minimization, retention, or third-party handling. In a security assessment context, this can lead users to disclose confidential internal security posture information that could materially aid an attacker or create compliance/privacy exposure if sent to an external service.

Missing User Warnings

Medium, 74% confidence
Finding
The schema includes sessionId and optional userId fields, but provides no privacy notice, minimization guidance, retention policy, or indication of how identifiers are protected. In an assessment platform handling enterprise security architecture data, undocumented collection of identifiers increases privacy and data-handling risk, especially if agents transmit user-linked data without clear user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.
