GreenClaw
Security checks across malware telemetry and agentic risk
Overview
The skill has a clear analytics purpose, but it asks the agent to run an unpinned external CLI that was not included in the reviewed artifact.
Review before installing. Only run the GreenClaw CLI from a trusted source, preferably with a pinned version, and treat usage reports as sensitive. Require explicit approval before creating, changing, or removing budget alerts.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.