Clawshell 0.1.0
Security checks across malware telemetry and agentic risk
Overview
This skill claims to secure all shell commands, but the package does not include the implementation needed to verify or enforce that behavior.
Do not rely on this as a shell security layer until the publisher provides the actual implementation and a sensible dependency list. If testing anyway, use a disposable environment, dedicated notification tokens, inspect any npm package before install, and do not add the TOOLS.md rule that routes all shell access through it until the tool exists and behaves as documented.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
46/46 vendors flagged this skill as clean.