ClawHub

AIclude Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed vulnerability lookup tool that sends only a target name and type to AICLUDE and shows no local code execution, credential access, or hidden behavior.

Safe to install for public package or repository scans. Before using it on private or internal targets, consider that the target name, type, and scan results may be sent to and retained by AICLUDE. If you separately install the referenced npm package, review it as a separate dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tool Parameter Abuse

High
Category
Tool Misuse
Content
"node_modules/confbox": {
      "version": "0.1.8",
      "resolved": "https://registry.npmjs.org/confbox/-/confbox-0.1.8.tgz",
      "integrity": "sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==",
      "dev": true,
      "license": "MIT"
    },
Confidence
85% confidence
Finding
RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal