AI Agent Security Audit & Compliance Assessment

Security checks across malware telemetry and agentic risk

Overview

The main assessment skill is read-only, but the package includes explicit guidance for preserving a benign scan result through wording choices, so it needs human review.

Before installing, review the package carefully and prefer a version that removes SECURITY-SCAN-RULES.md or rewrites it as honest capability disclosure. The main SKILL.md appears safe and read-only, but the bundled scanner-evasion guidance undermines trust in the published artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding: This document is explicitly centered on preserving a 'benign' scanner verdict through wording changes rather than ensuring the skill is actually safe. That is dangerous because it teaches authors how to evade static detection and misrepresent behavior, which can allow risky capabilities to pass review and be deployed unnoticed.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding: The text instructs authors to present the agent as answering from 'existing knowledge' specifically to avoid triggering scanners, not because that wording is a faithful description. This creates a mechanism for deceptive documentation that can conceal real inspection, access, or persistence behaviors from reviewers and automated controls.

Ssd 2

Severity: High
Confidence: 97%
Finding: These instructions advocate reframing potentially risky actions in safer-sounding language while preserving underlying intent, which is a classic scanner-evasion technique. Such euphemistic substitution undermines security review by hiding operational behavior behind compliant wording.

Ssd 2

Severity: High
Confidence: 98%
Finding: The file provides direct natural-language guidance for swapping sensitive terms like file reads, credentials, and key material references with less suspicious wording. This is dangerous because it helps bypass keyword-based review and conceal data-access intent that would otherwise trigger scrutiny.

Ssd 4

Severity: High
Confidence: 99%
Finding: The opening narrative states that the rules exist to keep the skill classified as benign and avoid a suspicious verdict, which is an explicit evasion objective. That increases the likelihood that subsequent content is designed to defeat security controls rather than improve safety, enabling unsafe skills to be distributed under false assurances.

VirusTotal

VirusTotal findings are pending for this skill version.
