ClawHub
Back to skill

Security audit

Compliance & Legal Pack: 4-Guide Collection for Agent Governance and Regulatory Compliance

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable legal/compliance guide bundle, but it asks for sensitive payment, signing, wallet, and API credentials without explaining why.

Review before installing. Do not provide production Stripe keys, signing keys, wallet-related values, or broad API keys unless the publisher explains exactly why each credential is required, how it is scoped, and how it will be protected. There is no evidence of malicious code or exfiltration in the artifact, but the credential request is not adequately justified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.