Alfred Agent Governance

Security checks across malware telemetry and agentic risk

Overview

This governance skill is not malicious, but it overstates security controls that its included example code does not actually enforce.

Install only if you understand this is a governance recipe, not a complete enforcement system. Before relying on it, implement and test the missing rate-limit, approval, resource-limit, and audit-integrity behavior, and set appropriate permissions and retention rules for audit logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The skill advertises governance controls such as rate limiting, approval checks, and resource limits, but the sample enforcement code only implements deny_tools and deny_patterns. In a governance skill, this mismatch can create a false sense of protection, leading operators to rely on controls that do not actually exist and allowing unsafe tool execution paths to proceed unchecked.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The documentation states audit entries include a signature, but the implementation writes unsigned JSONL records. Without integrity protection, audit logs can be modified or fabricated, undermining their value for forensics, accountability, and non-repudiation.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
The skill persists agent/tool metadata to disk, including timestamps, identities, tool names, and parameter hashes, but does not describe retention, access controls, or privacy implications. In multi-user or sensitive environments, this can expose behavioral metadata and create compliance or confidentiality issues even if full parameters are hashed.

VirusTotal

65/65 vendors flagged this skill as clean.