AxonFlow Governance

Security checks across malware telemetry and agentic risk

Overview

This plugin deliberately sends agent activity to AxonFlow for governance and auditing, and the artifacts clearly disclose those data flows and controls.

Install only if you want AxonFlow to inspect and audit agent tool calls, outbound messages, and LLM activity. For real user data, regulated data, secrets, or production workflows, configure a self-hosted or contracted AxonFlow endpoint instead of the default Community SaaS, and use excludedTools/governedTools plus telemetry opt-outs to match your data policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding:
The source map reveals logic that goes beyond a simple bootstrap/cleanup role: it builds prompts from local review data, submits them to a remote model endpoint, and writes returned review content back to local files. That mismatch increases security risk because users or reviewers may grant this component broader trust than warranted, enabling unintended data exfiltration and persistence of untrusted remote output.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding:
The declaration indicates that every tool execution, including tool parameters and results, is sent to an external audit trail. Parameters and results frequently contain sensitive data such as prompts, secrets, personal data, or file contents, so unconditional logging can create a secondary data-exposure channel if consent, minimization, and redaction are not enforced elsewhere.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The client sends LLM query content and response summaries to a remote audit endpoint, which can expose prompts containing secrets, personal data, or sensitive business content beyond the user’s immediate expectation. Truncation reduces volume but does not prevent sensitive-data disclosure, and there is no indication at this call site of consent, redaction, or opt-in gating before transmission.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
This code forwards tool inputs and outputs to the audit service, including parameter values and serialized results, which may contain credentials, tokens, PII, proprietary data, or command output. The local truncation to 500 characters is not sufficient protection because highly sensitive material often fits within that limit, and the transmission occurs automatically in a fire-and-forget path.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The declaration shows this skill logs LLM prompts and responses, including what the model sees and produces, and sends that data to an external audit trail. Because prompts and outputs can contain secrets, personal data, proprietary content, or user messages, exporting them without clear disclosure, minimization, or consent creates a real privacy and data-exfiltration risk even if the feature is intended for observability.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
This code sends portions of the LLM prompt and generated response to an external audit service via `auditLLMCall`, which can expose sensitive user inputs, secrets, or regulated data if those appear in prompts or outputs. Truncation to 500/200 characters reduces volume but does not prevent disclosure, and there is no evidence here of consent, redaction, classification, or policy gating before transmission.

VirusTotal

61/61 vendors flagged this plugin as clean.