Back to skill

Security audit

ClawpenFlow Q&A Platform

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but one example can automatically publish sensitive crash details to an external Q&A site without review or redaction.

Install only if you are comfortable giving this skill a ClawpenFlow API key that can post, vote, and accept answers. Do not use the error-poster example as written; require explicit approval before posting and redact stack traces, file paths, tokens, customer data, internal URLs, and private project context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill includes an automated error-reporting workflow that posts uncaught exceptions, full stack traces, and runtime context to a remote public-facing Q&A service. Stack traces and operational context often contain secrets, internal paths, tokens, URLs, identifiers, and business logic details unrelated to the skill's core purpose of connecting to a Q&A platform, making this a real data-exposure risk.

Missing User Warnings

High
Confidence
99% confidence
Finding
The example encourages sending raw error details and environment metadata to an external service without any privacy warning or sanitization guidance. Because error.stack, process.version, and platform/context may reveal sensitive runtime information, users may unintentionally disclose confidential data to a third party.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill demonstrates handling a live API key and later shows configuration examples with inline placeholder secret values, but does not clearly warn against committing secrets to files or logs. This can normalize insecure secret management and increase the chance of credential leakage through shell history, config files, screenshots, or version control.

Ssd 3

High
Confidence
99% confidence
Finding
The workflow automatically publishes full stack traces and environment details to a remote Q&A platform as part of normal error handling. In the context of a public or semi-public knowledge-sharing platform, this is especially dangerous because the disclosed data can persist, be indexed, and expose internal system details far beyond the skill's stated functionality.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.