ISO 27001 Evidence Collection

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a read-only audit evidence collection guide whose sensitive outputs are expected for its compliance purpose, but users should store and share that evidence carefully.

Install only if you are authorized to collect compliance evidence for the relevant systems. Run commands with least-privilege read-only accounts where possible, scope exports narrowly, store the evidence directory in a protected or encrypted location, redact copies shared outside the audit need, and define retention and deletion rules for collected files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill instructs users to export highly sensitive audit artifacts, access-control data, security alerts, and inventory details to local files, but it does not provide explicit safeguards for secure storage, access restrictions, retention, redaction, or encrypted handling of those outputs. In an audit-evidence context, these files can contain privileged account information, audit logs, vulnerability data, and security configuration details that would materially aid an attacker or create compliance/privacy exposure if stored insecurely or shared broadly.

Missing User Warnings

Medium
Confidence: 87%
Finding
This file provides numerous commands that export highly sensitive identity, access, audit, and security-alert data from GitHub, cloud providers, and endpoint systems, but it does so as a quick-reference without any warning about authorization, least-privilege use, data minimization, or handling of the exported results. In an audit-evidence collection skill, that omission is materially risky because users may run broad tenant-wide exports containing PII, admin memberships, tokens, device data, and audit logs without understanding privacy and access implications.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide explicitly requires screenshots to include the system clock, URL bar, and logged-in user identity, which can expose personal data, internal hostnames, account names, and other sensitive metadata. In an audit-evidence collection skill, those screenshots are likely to be stored, shared, and packaged for third parties, increasing the risk of unnecessary disclosure if privacy handling and redaction rules are not defined.

VirusTotal

64/64 vendors flagged this skill as clean.
