ProofAI

Security checks across malware telemetry and agentic risk

Overview

ProofAI does what it advertises, but users should understand that certified or logged AI prompts and responses are sent to a third-party service and may become long-lived audit evidence.

Install only if you trust ProofAI and are comfortable sending selected prompts, responses, and metadata to its hosted service for compliance evidence. Do not log secrets, confidential code, personal data, regulated data, or sensitive business material unless your organization has approved that use and reviewed retention, deletion, and blockchain anchoring implications. Protect and scope the API keys, avoid sharing or committing config files that contain them, and pin or verify the npm package where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The README explicitly encourages users to log or certify prompts and responses, which strongly implies transmitting potentially sensitive model inputs and outputs to an external compliance service. Without a clear warning about data disclosure, retention, and handling, users may unintentionally send confidential contracts, source code, personal data, or regulated content off-platform.

Missing User Warnings
Severity: Low
Confidence: 84%
Finding: The README instructs users to place API credentials in a local Claude desktop config file but does not warn that this stores sensitive secrets on disk where they may be exposed through weak file permissions, backups, screen sharing, or accidental commits if copied into project files. While this is a common setup pattern, omitting credential-handling guidance increases the chance of operational secret leakage.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The setup snippet includes credential-like environment variable names and an example value that looks production-oriented (for example, a `pk_live_xxx` API key), but does not warn users not to paste real secrets into shared configs, repos, logs, or screenshots. In a skill that explicitly uses external APIs, signing, and blockchain anchoring, this increases the chance of accidental secret exposure and misuse of the associated service account.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The skill sends user-supplied prompts and AI-generated responses to an external ProofAI API for compression, execution, analysis, signing, bundling, monitoring, and verification, but the code provides no user-facing disclosure, consent flow, or data-minimization control. In an MCP/server-tool context, users may reasonably assume local processing, so silent transmission of potentially sensitive prompts or responses creates a real privacy and compliance risk.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: The skill performs blockchain anchoring of evidence bundles without an explicit warning that user-derived decision data or hashes may be committed to an external, effectively immutable ledger. Even if the raw prompt/response is not directly written on-chain, anchoring metadata tied to sensitive workflows can create long-lived privacy, compliance, and deletion-rights issues that users did not knowingly accept.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: User-supplied prompts and AI responses are sent to a remote API, and later tools also forward responses, metadata, and bundle contents to external services without any in-band warning, consent gate, or data-classification control. In an MCP context, users may reasonably assume local processing, so this can cause unintended disclosure of sensitive prompts, outputs, or regulated data to third-party infrastructure and potentially public blockchain-linked records.

VirusTotal

64/64 vendors flagged this skill as clean.