Clawbridge Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-scouting skill that finds and summarizes possible professional contacts, with human review required before outreach.

Install only if you want recurring public web and community scouting for professional contacts. Set strict search/fetch/time budgets, keep avoid lists current, review every match and draft manually, avoid collecting sensitive personal data, and store or send briefs only to approved destinations such as trusted Slack, Discord, or email channels.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill is explicitly designed to collect, rank, and deliver information about people from Moltbook, communities, and the open web, and it also supports transmission to external delivery targets such as Discord, Slack, or email. Without clear privacy guidance, lawful-basis constraints, data minimization rules, retention limits, or warnings about handling personal data, users may deploy it in ways that create privacy, compliance, or reputational risk even if the data is publicly accessible.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal