Exfat Recovery

Security checks across malware telemetry and agentic risk

Overview

This is a coherent exFAT recovery guide, but it includes raw disk writes and persistent privileged Windows automation without enough safety controls.

Review this as a high-risk disk-repair checklist, not a safe automatic workflow. Before running repair or restore commands, stop using the drive, avoid formatting, make a sector-level image if the data matters, and verify the drive letter, PhysicalDrive number, partition offset, and backup file from independent read-only commands. Avoid the persistent SYSTEM scheduled task unless you understand how to inspect, secure, and remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README recommends recovery actions such as running chkdsk /F and repair-oriented tooling without first warning users to stop writing to the drive, avoid formatting prompts, and understand that repair attempts can modify filesystem metadata. In a data-recovery context, omission of these precautions can cause users to worsen corruption or reduce chances of successful recovery, especially if the issue is not limited to boot-region damage.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill includes raw disk-write instructions that directly open a physical drive and write bytes at a specified offset, but it does not prominently warn that a wrong disk identifier, offset, or backup file can overwrite unrelated sectors and permanently destroy data. In a recovery context, users are likely stressed and may copy commands with minimal verification, which increases the chance of catastrophic operator error.

Missing User Warnings

Medium
Confidence: 92%
Finding
The instructions tell the user to create persistent shutdown and scheduled-task automation that runs with elevated privileges, but they do not clearly warn that this makes system-wide configuration changes and executes PowerShell automatically as Administrator/SYSTEM. In a recovery/prevention skill this may be operationally useful, but normalizing privileged persistence without explicit safety guidance increases the chance of unsafe deployment, misuse, or accidental breakage on the host.

VirusTotal

64/64 vendors flagged this skill as clean.
