Clawpm

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local project-management CLI; it has normal local state and supply-chain risks but no evidence of hidden or malicious behavior.

Install only if you trust the GitHub source for the CLI, preferably reviewing or pinning the repository in sensitive environments. Use it in intended project directories, expect it to create and update local task/log files, and avoid putting secrets into tasks, research notes, blockers, or work logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence: 87%
Finding
The skill instructs users to run setup and initialization commands that create directories and files under `~/clawpm/` and project paths, but it does not clearly warn about these filesystem side effects up front. This is a real transparency/safety issue because users may invoke the skill expecting read-only status/reporting behavior and unintentionally modify their environment.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill advertises `context` and work-log features that return project info, recent work log, git status, open issues, and commit metadata, but it does not prominently warn that these commands may expose repository and activity metadata to the agent/user. In an agent setting, this can lead to unintended disclosure of sensitive operational context, filenames, branch state, or work history.

VirusTotal

64/64 vendors flagged this skill as clean.