JSON Diff Tool

Security checks across malware telemetry and agentic risk

Overview

This is a simple JSON comparison tool that runs locally in the browser, with a caution about using external hosted pages for sensitive JSON.

Safe for ordinary JSON comparisons. Do not paste secrets, tokens, customer data, or internal configuration into the trycloudflare-hosted page unless you trust the served code; use the reviewed local HTML or ClawHub copy for sensitive JSON.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill says to invoke itself whenever a user asks for JSON diff/comparison, which is broader and more forceful than the explicit trigger list and can cause over-activation on generic requests. In an agent setting, this may route users to an external tool unnecessarily, including cases where the agent could answer safely in-chat or where the user did not clearly consent to opening a third-party site.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal