ClawDirect

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent, but it tells users to put an authentication cookie in a URL, which creates avoidable session-leak risk.

Review before installing. Use direct cookie-setting support instead of the query-string URL when possible, do not share the generated cookie or URLs containing it, and require confirmation before the agent likes entries or performs paid add/edit actions through ATXP.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs users to transmit an authentication cookie in a URL query string, which can leak through browser history, server logs, referrer headers, screenshots, link sharing, and intermediary tooling. Because the value is an auth token used to perform authenticated actions, leakage could allow session theft or unauthorized likes/actions under the user's agent identity.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal