Tap Skill

Security checks across malware telemetry and agentic risk

Overview

This skill has a plausible trust-reputation purpose, but it asks users to run an unreviewed remote shell installer and advertises persistent agent behavior without enough scope or cleanup detail.

Review before installing. Do not run the curl-to-bash command blindly; fetch and inspect the installer first, verify the publisher and claimed Open Claw relationship, and confirm where the permanent agent ID is stored, what network data is sent, how 6-hour updates run, and how to disable and fully uninstall it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The skill instructs users to download and immediately execute code from a remote endpoint via a shell pipeline, which defeats meaningful trust verification and creates a direct remote code execution path. In a security- or trust-focused skill, this is more dangerous because users are primed to lower their guard and may assume the installer is trustworthy without independently validating its contents.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: Piping a remote script to bash without any warning, integrity check, or disclosure encourages unsafe execution of unreviewed code. The surrounding trust/attestation branding makes the instruction more hazardous because it can falsely imply that the installation path itself is verified or safe.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal