Clawshell
Security checks across malware telemetry and agentic risk
Overview
Clawshell is a disclosed shell-command approval wrapper with no artifact-backed evidence of malicious behavior, though users should verify the missing implementation before relying on it.
Install only if you intentionally want shell commands routed through an approval wrapper. Before treating it as a security control, verify the actual ClawShell tool implementation and dependencies because they are not included in this artifact. Use dedicated Pushover or Telegram credentials and review log retention because command text may contain sensitive information.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.