ironclaw

Security checks across malware telemetry and agentic risk

Overview

Ironclaw is a disclosed remote safety-checking skill; the main thing to understand is that content you ask it to classify is sent to Ironclaw.

Install only if you are comfortable sending selected text to Ironclaw for classification. Redact secrets, private conversations, proprietary data, and account details before submitting content; protect any Ironclaw API key; and continue manually reviewing future updates before replacing local skill files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (95% confidence)

The heartbeat document includes an example Authorization header using a realistic live-key prefix (`ic_live_your_key_here`) and tells the user to test that their connection is working. Even though it is framed as optional, this encourages handling or pasting production credentials into a manual request flow without an explicit warning to use a redacted or test key, increasing the chance of credential exposure through logs, screenshots, shell history, or copy/paste mistakes.

Missing User Warnings

Medium (92% confidence)

The skill explicitly encourages users to submit arbitrary 'content_text' to a third-party API for classification, including DMs, skill files, outbound data, and commands, but it does not provide a clear privacy notice, data handling disclosure, retention policy, or warning about sharing sensitive material. Because the advertised use cases include secrets and private conversations, this creates a real risk of unintentional data exfiltration to the remote service.

VirusTotal

64/64 vendors flagged this skill as clean.
