Back to skill

Security audit

Clawd Modifier

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to customize the Claude Code mascot, but it does so by rewriting installed Claude Code files, including an optional binary patcher.

Install only if you are comfortable with a skill that can rewrite your installed Claude Code files. Prefer dry-run modes, keep backups, use explicit target paths, and expect Claude Code updates or integrity checks to undo or conflict with these changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to read and modify files under a system Node module path and to use patching scripts, but it declares no permissions. This creates a mismatch between the skill's stated capabilities and its operational behavior, which can bypass user expectations and reduce safety controls around file access and modification.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The activation text includes broad phrases like 'customize the mascot' and 'modify Clawd,' which may match general personalization requests and invoke the skill outside narrowly intended contexts. Over-broad triggering can cause the agent to enter a workflow that performs sensitive local file edits when the user may only be asking for design ideas or non-invasive changes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly directs direct modification of `/opt/node22/lib/node_modules/@anthropic-ai/claude-code/cli.js`, including sed-based replacement and patch scripts, without a strong upfront warning about integrity, maintainability, or the risks of altering installed tool code. Direct edits to system or package-managed CLI files can break the tool, complicate updates, and normalize unsafe modification patterns for privileged paths.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.