Security audit

S2 Pet Guardian Agent (S2 宠物守护者智能体)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local pet-monitoring demo with scoped file access, but its security claims are stronger than its demo-grade implementation.

Install only if you are comfortable with a local demo that writes pet records and may create a simulated public key file under s2_bas_governance. Do not connect it to a real feeder, lock, thermostat, payment flow, or other physical system unless you replace the demo signing flow with a separate trusted signer and review the file permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The generated SKILL.md asserts strong security properties such as zero-trust behavior, public-key verification of a Dispatch_Token, and no private-key access, but generate_skill.py only writes documentation and metadata. There is no code here that enforces token validation, restricts action execution, or binds operations to verified identities, so downstream systems or users may rely on protections that do not actually exist.

Description-Behavior Mismatch

Severity: Medium
Confidence: 82%
Finding
The manifest makes a strong trust-building claim that the skill 'only' verifies public keys and never touches private keys, while the same package metadata describes broader persistence and identity/control responsibilities. This mismatch can mislead reviewers, operators, or policy engines about the true privilege and data-handling scope, increasing the chance that a more capable skill is deployed under weaker scrutiny.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.