Back to skill

Security audit

Claw Store Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it persists agent memory to an external service and can print the encryption key in normal command output.

Review before installing. Use it only if you are comfortable storing encrypted agent memory with this third-party service, avoid saving secrets or private data, protect the local encryption key, and do not run key generation in logs or shared terminals unless you intend to reveal the key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises no explicit permissions, but its documented behavior clearly requires access to environment variables, local files, and outbound network communication. This mismatch undermines informed consent and platform enforcement because users or agents may invoke a capability-bearing skill without an accurate permission declaration. The context increases risk because the skill handles long-lived encrypted memory plus API and encryption keys, so undeclared file/env/network access affects sensitive data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The keygen command prints the full encryption key directly to stdout, which can expose the secret through terminal scrollback, shell logging, process supervision logs, CI logs, or copied command output. In this skill's context, that key is the sole protector of all stored memory content, so disclosure enables decryption of all memory blobs accessible to an attacker.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.