AuditClaw Idp

Security checks across malware telemetry and agentic risk

Overview

The skill appears to run read-only identity compliance checks, but it needs review because it asks for sensitive identity-provider access with a Google audit-log scope that the code and security model do not clearly justify.

Install only after confirming the exact Google and Okta permissions you intend to grant. Prefer least-privileged read-only accounts or tokens, avoid granting the Google admin.reports.audit.readonly scope unless the publisher explains why it is needed, and protect the local GRC SQLite database because it will store user emails, MFA status, admin status, login activity, and policy findings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium (88% confidence)
The security model claims Google Workspace access is limited to admin.directory.user.readonly, but the setup instructions also require admin.reports.audit.readonly. This inconsistency understates the actual privilege requested, which can lead administrators to grant broader access than they intended and weakens informed consent during deployment.

Description-Behavior Mismatch

Medium (86% confidence)
The manifest frames the skill as a narrowly scoped set of read-only checks, but the documented Google permissions include audit-log access beyond what the stated checks suggest. Overbroad or poorly justified permissions increase the blast radius if the skill is misused, modified, or run in an environment with sensitive audit data.

Missing User Warnings

Medium (91% confidence)
The README directs users to export highly privileged credentials for Google Workspace and Okta directly into environment variables, but provides no warning about secure handling, shell history, process inspection, CI log leakage, or least-privilege token practices. In an identity-provider compliance skill, these secrets can grant broad organizational visibility or administrative access, so unsafe setup guidance materially increases the chance of credential exposure during normal use.

VirusTotal

66/66 vendors flagged this skill as clean.