Claude Api Anthropic

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Claude API helper with powerful examples, but no hidden install, automatic execution, or deceptive behavior was found.

Install only if you want Claude API and Agent SDK integration guidance. Before copying examples into real projects, avoid sending secrets or regulated data in prompts, files, cached content, memory, or tool results, and keep Agent SDK tools and permission-bypass modes limited to tightly scoped sandbox or CI environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Natural-Language Policy Violations

Severity: Medium
Confidence: 90%
Finding
The skill explicitly instructs the agent to ALWAYS use a specific high-end model unless the user names another one, removing normal user-choice and cost/performance tradeoff handling. This can override user intent, increase spend, and steer downstream behavior in a way that is not technically necessary for most requests.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The examples instruct users to send prompts, message contents, and tool results to a remote third-party API, but they do not warn that these payloads may contain sensitive or regulated data. In a skill focused on raw HTTP usage, this omission increases the chance that users will copy patterns into production and unintentionally transmit secrets, personal data, or internal tool output externally.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README includes an example using permission_mode="acceptEdits", which enables automatic file modifications without clearly warning readers that workspace files may be changed. In documentation for an agent SDK with built-in file editing tools, this can normalize unsafe defaults and lead integrators to adopt behavior that allows unintended or prompt-influenced code changes.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The README documents bypassPermissions and says it skips all prompts, but it does not provide a prominent safety warning about the consequences of removing human approval for dangerous operations. In the context of an agent SDK that exposes tools like Bash, Write, WebFetch, and subagents, this materially increases the risk of destructive local actions, data exfiltration, or unsafe automation if copied into real deployments.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The example launches an external MCP server process and passes DATABASE_URL via environment variables without any explicit warning about credential exposure boundaries. In documentation for an agent SDK, this is risky because users may copy the pattern directly and connect a broadly capable external process to production data, potentially leaking credentials or enabling unintended database access through the agent/tooling path.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding
The documentation shows multiple examples sending prompts, documents, and batch inputs to the Anthropic API but does not warn that these contents leave the local environment and are transmitted to an external service. In this skill context, that omission can lead developers to batch-submit sensitive user text, internal documents, or regulated data at scale, increasing privacy and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation explicitly encourages uploading local files to an external API, notes that files persist until deleted, and demonstrates reuse across requests, but it does not warn about confidentiality, data retention, or the risk of sending sensitive documents off-platform. In a developer skill, this omission can lead users to unintentionally transmit regulated, proprietary, or personal data to a third-party service and leave it stored longer than intended.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README explicitly documents `dontAsk` and `bypassPermissions` modes, including the requirement to set `allowDangerouslySkipPermissions: true`, but it does so without a prominent warning about the security consequences of disabling prompts. In an agent SDK that exposes powerful tools like `Bash`, file writes, web access, MCP servers, and subagents, normalizing prompt-free execution can lead developers to deploy unsafe configurations in CI/CD or production and enable destructive or data-exfiltrating actions without human approval.

VirusTotal

65/65 vendors flagged this skill as clean.