ClawHub

Reliability Engine

Security checks across malware telemetry and agentic risk

Overview

This reliability-scoring plugin is purpose-aligned and does not show hidden data access, network activity, persistence, or destructive behavior.

Installers should treat this as an opinionated confidence-weighting aid, not a truth oracle. Its bundled source registries and state-media labels may affect how agents summarize trust, so read the known limitations and verify important conclusions with independent evidence.

Publisher note

This plugin reads only its own bundled, read-only data files at load time — the reliability lexicons and source registries in the package's data/ directory (leading_language.json, non_factual_registry.jsonl, non_factual_patterns.json, sources.seed.jsonl), via fs.readFileSync. It uses fs.existsSync solely to locate that data/ folder relative to its own module. It makes no network requests, writes no files, spawns no processes, and accesses nothing outside its own package directory or any credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The returned flag strings embed normative judgments such as 'weak as an independent factual authority' and 'editorial independence contested' directly into application logic, which can systematically bias downstream trust scoring or user-facing conclusions without a configurable policy boundary. In a reliability/fact-checking skill, this is especially sensitive because these labels can materially steer credibility assessments for classes of sources based on ownership metadata rather than transparent, user-selectable evaluation criteria.

VirusTotal

66/66 vendors flagged this plugin as clean.

View on VirusTotal