Clawsaver

Security checks across malware telemetry and agentic risk

Overview

Clawsaver appears to be a local message-batching utility that does what it claims, with privacy and logging caveats users should manage.

Install only if brief buffering and merged model submissions fit your product. Keep batching isolated per user/session, provide a send-now or opt-out path for sensitive or real-time workflows, and remove or gate raw prompt/response logging from copied examples before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The skill metadata and documentation present ClawSaver as a simple local batching utility with no dependencies or network behavior, but the broader package behavior reportedly includes publishing scripts, registry authentication flows, metrics collection, and additional session-management features that are not disclosed here. This mismatch is dangerous because users may install or run the package under false assumptions about its scope and side effects, increasing supply-chain and privacy risk even if the hidden behavior is not overtly malicious.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide promotes automatic batching and session metrics logging without any explicit warning about privacy, data retention, or the possibility that user message content and session-linked metadata may be handled together. In an agent skill context, this can lead integrators to deploy batching/logging by default in ways that expose sensitive conversational data, increase cross-message data aggregation risk, or create compliance issues if logs are retained or exported.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation promotes automatic batching and shows a mergeMessages function that concatenates multiple user inputs into a single model prompt, but it does not clearly warn that separate user messages may be combined and forwarded together. This can cause privacy and context-boundary issues, especially if users expect messages to be processed independently or if sensitive content sent moments apart becomes exposed together in one request.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The integration guide instructs implementers to merge multiple user messages into a single model prompt and even appends guidance telling the model to treat them as one input, but it never tells developers to disclose this behavior to end users or obtain consent. This can create privacy and expectation violations because users may assume separately sent messages are processed independently, while batching can combine sensitive fragments into a single transmitted context and alter how data is handled.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The README promotes buffering multiple user messages into a single model request but does not prominently warn that this changes conversational timing and combines separate user inputs into one transmission unit. In some deployments, users may expect each message to be processed independently, so batching can alter privacy boundaries, consent expectations, audit semantics, or downstream policy enforcement tied to per-message handling.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The example code logs the fully merged user input with ``console.log(`[${sessionKey}] Model would receive:\n${merged}\n`)``, which can expose sensitive user-provided content in application logs. In a batching/session-handling integration, messages may contain prompts, secrets, personal data, or business information, and logs are often retained, aggregated, and accessible to operators beyond the intended recipients.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The example `sendToSession` function logs the full session response before sending it, which can leak model outputs to console logs without user awareness. Model responses frequently echo user inputs or include sensitive generated content, so this creates a secondary disclosure channel through logging infrastructure.

VirusTotal

64/64 vendors flagged this skill as clean.
