Praesidia

Security checks across malware telemetry and agentic risk

Overview

Praesidia is a coherent API integration, but it can read organization-scoped agent/security data and change guardrails without a required final confirmation step.

Install this only if you intend to use Praesidia with an appropriately scoped API key. Before allowing guardrail changes, require an explicit preview and approval of the organization, agent, template, scope, action, severity, and enabled state. Prefer a least-privilege key, verify PRAESIDIA_API_URL, and avoid using this skill for generic security discussions unless you want Praesidia API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
88% confidence
Finding
The skill explicitly tells the agent to obtain an organization ID from profile/context and then query organization-scoped guardrail data. That expands access from simple public verification/discovery into tenant-scoped administrative data access, which can expose internal security policy configuration and increase the blast radius of prompt-triggered actions.

Context-Inappropriate Capability

Medium
91% confidence
Finding
The skill documents an endpoint that returns all agents the user can access, including team and organization agents, which is broader than public marketplace discovery. In practice this enables tenant-internal inventory enumeration, revealing internal agent names, roles, status, and existence to any invocation path that can trigger the skill.

Vague Triggers

Medium
84% confidence
Finding
The trigger description is broad enough to match common discussions about security, compliance, moderation, or whether something is safe. Over-broad activation can cause the skill to run in contexts the user did not intend, increasing chances of unnecessary external calls or administrative actions based on ambiguous prompts.

Missing User Warnings

Medium
95% confidence
Finding
The skill instructs the agent to send a POST request that changes agent guardrail configuration without explicitly requiring a confirmation step or warning the user that this is a state-changing administrative action. This creates a real risk of unauthorized or accidental security policy changes triggered from natural-language requests, potentially disrupting production agents or silently altering protections.

VirusTotal

66/66 vendors flagged this skill as clean.