ISO 27001 Internal Audit

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only ISO audit guide with expected evidence-collection steps, but users should handle the collected audit data carefully.

Install for internal compliance work only if you can store audit evidence in approved, access-controlled storage. Prefer API exports over screenshots, use read-only or least-privilege credentials, redact unnecessary employee/customer/security details before sharing, and configure the optional MCP server only if your organization trusts that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly instructs that audit evidence should be collected and kept on the local filesystem, but it does not warn that such evidence may contain sensitive organizational data such as user lists, screenshots, incident details, and compliance artifacts. In a compliance-audit context, this can lead to unintended local persistence of sensitive data on unmanaged endpoints, increasing exposure through theft, backup sync, or accidental sharing.

Missing User Warnings

Medium
Confidence: 93%
Finding
The provided screenshot command writes audit evidence directly to a local path without warning that screenshots may capture secrets, personal data, security settings, or other sensitive portal content. Because screenshots are easy to overshare and often bypass structured access controls, this guidance can cause inadvertent exposure of sensitive audit evidence.

VirusTotal

64/64 vendors flagged this skill as clean.
