Security audit

V19 Causal Auditor

Security checks across malware telemetry and agentic risk

Overview

The skill is documentation-only, but it sends decision data to an external governance service and describes automatic, permanent audit actions without enough user control or privacy detail.

Review carefully before installing or using it with real workflows. Treat the endpoint (a trycloudflare.com quick-tunnel host) and the publicly posted governance key as unverified third-party infrastructure, avoid sending sensitive business, user, incident, or credential data, and require explicit user approval before any remote submission, arbitration, registration, or immutable audit-chain write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill presents an exposed credential in a public demo context while earlier text implies use of a user-specific governance key, which can mislead users into treating a shared token like a safe secret or production credential. Even if intended as a demo token, publishing and encouraging its use can enable unauthorized access, abuse, quota exhaustion, or accidental trust in an unvetted external service.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs users to POST decision context and options to an external endpoint but provides no warning that operational or sensitive decision data will leave the local environment. In an auditing/governance context, these payloads may contain business logic, incident details, or user-related information, making silent transmission a meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document says audit results are automatically written to an immutable audit chain without warning users that submitted data may become persistent and difficult or impossible to delete. In a governance or audit workflow, this creates risk of irreversible storage of sensitive, regulated, or mistaken records.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill exposes and encourages use of a publicly posted API key without explaining security boundaries, misuse risk, or rate/abuse implications. This is especially risky because the surrounding governance branding and trust references may cause users to over-trust the endpoint and normalize embedding shared credentials in automation.

External Transmission

Medium
Category
Data Exfiltration
Content (truncated in the scanner output)
```bash
# Perform a causal audit on the specified decision ID
curl -s -X POST https://boat-atlas-spa-flexible.trycloudflare.com/governance/causal-trace \
  -H "Content-Type: application/json" \
  -H "X-Governance-Key: <your dedicated key>" \
  -d '{
```
Confidence: 89%
Finding
Matched content: the POST to https://boat-atlas-spa-flexible.trycloudflare.com/governance/causal-trace, authenticated with the X-Governance-Key header. The request body (the decision context that leaves the local environment) is cut off in the scanner output.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
v19-e5d585e28439decc614f09f91c4caa8c

# Health check
curl -s https://boat-atlas-spa-flexible.trycloudflare.com/governance/health \
  -H "X-Governance-Key: v19-e5d585e28439decc614f09f91c4caa8c"
```
Confidence: 94%
Finding
Matched content: the health-check GET to https://boat-atlas-spa-flexible.trycloudflare.com/governance/health with the literal key v19-e5d585e28439decc614f09f91c4caa8c in the X-Governance-Key header, followed by the skill's "Self-registration" section, whose command is cut off in the scanner output at `curl -s -X POST https://boat-atlas-spa`.
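As an added example, not part of the SkillSpector report or of the audited skill, the following Python scanner reproduces the three checks the External Transmission and exposed-credential findings above rely on: outbound HTTP calls in documented curl commands, hosts on quick-tunnel domains such as trycloudflare.com, and credential-bearing headers whose value is a literal rather than a placeholder. The sample document, the tunnel-suffix entries other than trycloudflare.com, and the dummy key value are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample mirroring the curl snippets quoted in the findings above.
# The key value is a dummy, not the one exposed on the page.
SAMPLE_DOC = """\
# Perform a causal audit on the specified decision ID
curl -s -X POST https://boat-atlas-spa-flexible.trycloudflare.com/governance/causal-trace \\
  -H "Content-Type: application/json" \\
  -H "X-Governance-Key: <your dedicated key>" \\
  -d '{"decision_id": "D-001"}'

# Health check
curl -s https://boat-atlas-spa-flexible.trycloudflare.com/governance/health \\
  -H "X-Governance-Key: v19-0123456789abcdef0123456789abcdef"

# Local-only call: should not be flagged
curl -s http://127.0.0.1:8080/health -H "X-Governance-Key: $GOV_KEY"
"""

# Illustrative list of quick-tunnel suffixes. trycloudflare.com is the one the
# audited skill uses; the others are assumptions added for the example.
EPHEMERAL_HOST_SUFFIXES = ("trycloudflare.com", "ngrok.io", "ngrok-free.app", "loca.lt")

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)(?::\d+)?(/[^\s'\"]*)?")
HEADER_RE = re.compile(r"""-H\s+["']([A-Za-z0-9-]+):\s*([^"']*)["']""")
SECRET_NAME_RE = re.compile(r"key|token|secret|auth", re.I)
POST_RE = re.compile(r"-X\s+POST\b|\s-d\s|\s--data(?:-raw|-binary)?\s")


@dataclass
class Finding:
    line: int        # line in the skill document where the command starts
    category: str
    detail: str


def logical_lines(text):
    """Join backslash-continued shell lines; return (starting line number, joined command) pairs."""
    out, buf, start = [], [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = number
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        out.append((start, " ".join(piece.strip() for piece in buf)))
        buf, start = [], None
    if buf:  # document ended inside a continuation
        out.append((start, " ".join(piece.strip() for piece in buf)))
    return out


def is_placeholder(value):
    """True for <angle>, $VAR, {{template}} or 'YOUR ...' style values that are not real secrets."""
    v = value.strip()
    return v == "" or v.startswith(("<", "$", "{{")) or "YOUR" in v.upper()


def mask(value):
    """Keep only the edges of a literal so the report itself does not re-leak the secret."""
    v = value.strip()
    return f"{v[:4]}...{v[-4:]}" if len(v) > 12 else "***"


def scan_skill_doc(text):
    findings = []
    for line, cmd in logical_lines(text):
        for m in URL_RE.finditer(cmd):
            host, path = m.group(1).lower(), m.group(2) or ""
            if host == "localhost" or host.startswith("127."):
                continue  # loopback calls stay on the machine
            method = "POST" if POST_RE.search(cmd) else "GET"
            findings.append(Finding(line, "External Transmission", f"{method} to {host}{path}"))
            if host.endswith(EPHEMERAL_HOST_SUFFIXES):
                findings.append(Finding(line, "Ephemeral Infrastructure",
                                        f"{host} is a quick-tunnel host, not attributable infrastructure"))
        for name, value in HEADER_RE.findall(cmd):
            if SECRET_NAME_RE.search(name) and not is_placeholder(value):
                findings.append(Finding(line, "Hardcoded Credential",
                                        f"{name} header carries a literal value ({mask(value)})"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. to decide whether a skill needs manual review."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = scan_skill_doc(SAMPLE_DOC)
    for f in results:
        print(f"line {f.line:>3}  {f.category:<24} {f.detail}")
    print(summarize(results))
```

Run against the sample, the scanner reports the causal-trace POST and the health-check GET as external transmissions to a quick-tunnel host, flags only the health check for a hardcoded key (the placeholder `<your dedicated key>` and the `$GOV_KEY` variable pass), and leaves the loopback call alone. Continuation-line joining matters: without it the key header on its own line would be reported with no URL to attribute it to.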

VirusTotal

64/64 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.