Back to skill

Security audit

Skill

Security checks across malware telemetry and agentic risk

Overview

This is a defensive security skill, but it tells agents to automatically run an unpinned external npm command across broad situations without clear user control.

Install only if you are comfortable with an agent fetching and running an external npm package automatically. Prefer manual scans, pin and verify the CLI package first, avoid periodic/background use unless explicitly configured, and do not run the sanitizer on real secrets until the CLI source and data handling are audited.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill instructs automatic execution of `npx ClawGuard-ai@latest` after any skill install, creating a broad trigger that runs code from a mutable remote package version without explicit user confirmation or scope restrictions. Even though the stated purpose is defensive, auto-activation on every install increases attack surface and can lead to unintended command execution or supply-chain exposure.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The periodic workspace scan instruction is underspecified and encourages recurring execution over `./skills/` without defined frequency, resource limits, or consent boundaries. In practice, this can cause excessive autonomous behavior, scan sensitive or irrelevant directories, and repeatedly invoke an external package resolver, which expands operational and supply-chain risk.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.