Leadclaw
Security checks across malware telemetry and agentic risk
Overview
The Leadbay integration is mostly coherent, but it includes an always-exposed silent friction-reporting tool that is under-disclosed and conflicts with the README's no-telemetry claim.
Install only if you are comfortable giving this plugin Leadbay account access and exposing lead/contact data to Leadbay APIs. Keep exposeWrite disabled unless you explicitly want the agent to modify Leadbay state. Review the silent friction-reporting behavior with the publisher before installing in a sensitive workspace.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this plugin as clean.