CatchClaw

Security checks across malware telemetry and agentic risk

Overview

CatchClaw mostly matches its stated purpose, but its packaged installer contradicts the documentation by downloading and running remote code without integrity checks.

Review this skill before installing. Prefer running the bundled agentar_cli.mjs directly as documented, and avoid install.sh unless you have verified the release source and the integrity of the archive it downloads. Install only trusted agentars, and prefer creating a new agent over overwriting the main workspace. Use --api-key and --include-memory with care: the first persists the key to disk under skills/.credentials, and the second packages MEMORY.md into the export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The installer fetches an archive from a remote URL, extracts it, and then executes a shell script from the downloaded contents with `bash "$INSTALLER" "$@"`. This creates a direct remote-code-execution path during installation, and the URL is overridable via `AGENTAR_KIT_URL`, which further increases supply-chain risk if the source is tampered with, redirected, or maliciously replaced.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The CLI accepts an API key and persists it to skills/.credentials automatically without an explicit warning, consent prompt, or permission hardening. This creates local secret storage that may be overlooked, copied with the workspace, or exposed to other local users/processes depending on filesystem permissions.
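The finding above describes a key written to skills/.credentials with no permission hardening. The script below is an added example, not code from CatchClaw, SkillSpector or the reviewed skill: it shows how a CLI could persist the key as an owner-only file, and gives a check a user can run against an existing credentials file to see whether other local accounts can read it. The function names, the throwaway workspace and the fake key are all constructed for the example.

```sh
#!/bin/sh
# Added example, not code from CatchClaw, SkillSpector or the reviewed skill.
# Persists an API key with owner-only permissions and audits an existing
# credentials file for group/other read access. Function names are hypothetical.
set -eu

save_api_key() {
  # $1 credentials file, $2 key. Creating the file under umask 077 means it is
  # never, even briefly, readable by group or others; the chmod covers the case
  # where the file already existed with looser permissions.
  file=$1; key=$2
  mkdir -p "$(dirname "$file")"
  ( umask 077; printf '%s\n' "$key" > "$file" )
  chmod 600 "$file"
}

credentials_exposed() {
  # Return 0 when file $1 has any group or other permission bit set.
  # Columns 5-10 of `ls -l` are the group and other rwx fields; reading them
  # avoids the stat flag differences between Linux and BSD/macOS.
  perm=$(ls -ld "$1" | cut -c5-10)
  [ "$perm" != "------" ]
}

check_credentials() {
  # Audit an existing credentials file; warn and return 1 if it is exposed.
  file=$1
  [ -f "$file" ] || { echo "no credentials file at $file"; return 0; }
  if credentials_exposed "$file"; then
    echo "WARNING: $file is readable by other local users (mode $(ls -ld "$file" | cut -c1-10))" >&2
    return 1
  fi
  return 0
}

demo_credentials() {
  # Constructed data: a throwaway workspace and a fake key. Returns 0 when the
  # hardened file passes the audit and a loosened copy of it is flagged.
  tmp=$(mktemp -d)
  cred="$tmp/skills/.credentials"
  save_api_key "$cred" "sk-constructed-example-key"
  check_credentials "$cred" || return 1
  chmod 644 "$cred"                       # simulate a key written without hardening
  if check_credentials "$cred" 2>/dev/null; then return 1; fi
  rm -rf "$tmp"
  return 0
}

demo_credentials && echo "hardened credentials file passes audit; 0644 copy is flagged"
```

Owner-only permissions protect the key from other accounts on the same machine; they do nothing about the file travelling with a copy of the workspace, so a credentials file like this also needs to be excluded from anything that packages or exports the workspace.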

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The export feature can include MEMORY.md via a flag but does not present a clear privacy warning despite memory files often containing sensitive conversation history, preferences, or operational context. Users may unknowingly package and share private data when exporting agentars.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The script performs a silent network download and immediately executes code from the retrieved archive without presenting any warning, trust boundary notice, or confirmation prompt to the user. In the context of a marketplace skill, this is especially dangerous because users may expect search/install functionality, not arbitrary shell execution from a remote source during setup.
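Both the first finding and this one come down to the same installer pattern: fetch an archive from a URL that an environment variable can redirect, extract it, and run the shell script inside. The script below is an added example, not code from CatchClaw, SkillSpector or the reviewed skill. It contrasts that pattern (shown in a comment, never executed) with an installer that pins the release URL and its SHA-256 digest as constants and refuses to extract or run anything whose digest does not match, then exercises the check on a constructed archive, once intact and once tampered with. KIT_URL, EXPECTED_SHA256 and all function names are hypothetical.

```sh
#!/bin/sh
# Added example, not code from CatchClaw, SkillSpector or the reviewed skill.
# Contrasts download-then-execute with an installer that only runs an archive
# whose SHA-256 matches a digest pinned in the script. All names hypothetical.
set -eu

# The flagged pattern, for reference only and never executed here:
#   url="${AGENTAR_KIT_URL:-$KIT_URL}"     # environment variable can redirect the fetch
#   curl -fsSL "$url" -o kit.tar.gz && tar -xzf kit.tar.gz
#   bash "$INSTALLER" "$@"                 # runs whatever the archive contained
#
# Hardened: URL and digest are constants, so nothing in the environment can
# redirect the download, and nothing is extracted or run until the digest matches.
KIT_URL="https://example.invalid/agentar-kit-1.0.0.tar.gz"   # hypothetical release URL
EXPECTED_SHA256="0000000000000000000000000000000000000000000000000000000000000000"  # placeholder: the digest published with the release

sha256_of() {
  # Print the SHA-256 of a file: sha256sum on Linux, shasum on macOS/BSD.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_digest() {
  # Succeed only when file $1 hashes to digest $2.
  [ "$(sha256_of "$1")" = "$2" ]
}

install_kit_verified() {
  # $1 downloaded archive, $2 pinned digest, $3 extraction directory.
  archive=$1; expected=$2; dest=$3
  if ! verify_digest "$archive" "$expected"; then
    echo "refusing to install: SHA-256 mismatch for $archive" >&2
    return 1
  fi
  mkdir -p "$dest"
  tar -xzf "$archive" -C "$dest"
  [ -f "$dest/install.sh" ] || { echo "archive has no install.sh" >&2; return 1; }
  # Only after the integrity check does the shipped script get to run.
  sh "$dest/install.sh"
}

fetch_kit() {
  # Fetch the pinned release to $1. Not called in this offline example.
  curl -fsSL "$KIT_URL" -o "$1"
}

install_from_release() {
  # Production entry point (not called here): fetch, then verify before running.
  fetch_kit "$1" && install_kit_verified "$1" "$EXPECTED_SHA256" "$2"
}

demo_constructed_archive() {
  # Builds a throwaway archive (constructed data) whose install.sh drops a
  # marker file, installs it with the right digest, then tampers with the
  # archive and confirms the installer refuses it. Returns 0 on success.
  tmp=$(mktemp -d)
  mkdir -p "$tmp/src"
  printf '#!/bin/sh\ntouch "%s/marker"\n' "$tmp" > "$tmp/src/install.sh"
  tar -czf "$tmp/kit.tar.gz" -C "$tmp/src" install.sh
  good=$(sha256_of "$tmp/kit.tar.gz")      # stands in for EXPECTED_SHA256 offline
  install_kit_verified "$tmp/kit.tar.gz" "$good" "$tmp/out" || return 1
  [ -f "$tmp/marker" ] || return 1
  printf 'x' >> "$tmp/kit.tar.gz"          # simulate a tampered or replaced download
  if install_kit_verified "$tmp/kit.tar.gz" "$good" "$tmp/out2" 2>/dev/null; then
    return 1                               # a tampered archive must be rejected
  fi
  rm -rf "$tmp"
  return 0
}

demo_constructed_archive && echo "verified install OK; tampered archive rejected"
```

The pinned digest only helps if it is fixed in the installer that ships with the skill, not fetched from the same place as the archive; a digest served next to the archive is just as replaceable as the archive itself.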

VirusTotal

All 67 VirusTotal vendors rated the submitted files clean (0/67 detections). That verdict covers only the files that were scanned; the archive that install.sh fetches at run time, which the findings above concern, is not part of it.