Back to skill

Security audit

Clawtrix Skill Advisor

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill recommends skill changes and uses external searches with mission keywords, but it does not install or remove anything itself.

Install only if you are comfortable with the agent reading your skill list and SOUL.md and using mission-derived search terms with ClawHub, HN Algolia, and optional ClawBrain. Review any suggested install or remove commands manually, and avoid heartbeat use if you want skill reviews only on explicit request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill states that it never sends SOUL.md or agent configuration externally, but its workflow explicitly derives mission keywords from SOUL.md and sends them to external services such as ClawHub and HN Algolia. Even if the full file is not transmitted verbatim, derived mission terms can still disclose sensitive business context, projects, tools, or domains, making the privacy claim materially misleading.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
This is the same underlying issue as SDI-1: the documentation promises that SOUL.md-derived information is not sent externally, while the operational steps instruct the agent to query external APIs using mission-derived data. Misrepresenting data flows can cause users to expose confidential operational details without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instructions direct the agent to perform external API queries based on mission keywords extracted from SOUL.md or inferred from conversation context, but they do not clearly warn that workspace-derived information may leave the local environment. In a skill specifically positioned around auditing the agent's stack and mission, this omission increases the risk of unintended disclosure of sensitive organizational or project metadata.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.