DepGuard

Security checks across malware telemetry and agentic risk

Overview

DepGuard appears to be a coherent local dependency-auditing skill with clearly named optional commands that can change project files or install git hooks.

Install if you want a local dependency auditing tool, but treat `depguard fix` and `depguard hooks install` as write-capable actions. Run scans first, use a clean git working tree before fixes, review dependency and lockfile diffs afterward, and only install hooks in repositories where commit-time scanning and blocking are expected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The example triggers are broad, natural-language phrases such as scanning dependencies or generating reports, which can overlap with ordinary user requests in unrelated contexts. In an agent environment, this can cause the skill to activate unexpectedly and perform repository inspection or package-management actions without sufficiently explicit user intent, increasing the chance of unintended security-relevant operations.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The README advertises commit-blocking, auto-fix, and git-hook installation without clearly warning that these features can modify repository state, alter dependency versions, or install local hooks that affect developer workflows. Even if intended as legitimate functionality, presenting these actions without explicit consent and safety caveats raises the risk of an agent initiating persistent or disruptive changes that the user did not anticipate.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding:
The skill includes broad natural-language triggers like 'Scan my dependencies for vulnerabilities' and 'Generate a security audit report,' which could cause the agent to invoke the skill in contexts where the user did not intend a repository scan or filesystem operation. In an agent environment, overly broad trigger phrases increase the chance of unintended tool execution against the current workspace or a sensitive project.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The `fix` command is described as auto-fixing vulnerabilities by upgrading to patched versions, but it does not clearly warn that this can modify dependency manifests, lockfiles, and potentially application behavior. Silent or unexpected modification of project files is dangerous in agentic workflows because it can introduce breaking changes or create commits the user did not knowingly authorize.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
Installing git hooks changes repository behavior on future commits, yet the description does not clearly emphasize this persistent side effect. In practice, a user may approve a one-time action without realizing it will enforce scans and potentially block future commits, which is a meaningful integrity and workflow-impacting change.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The install function appends to or creates the repository's lefthook.yml without prompting the user or clearly warning that it will modify repository configuration. In a security tool, silently changing repo state is risky because it alters developer workflows and establishes a persistent execution path on future commits.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
Running 'lefthook install' changes the repository's hook state and enables automatic execution on future git operations, but this occurs without an interactive confirmation step. That persistence increases risk because users may not realize they have installed a mechanism that runs code during commits.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The script can write `DEPENDENCY-REPORT.md` and, more importantly, run dependency-modifying commands such as `npm audit fix`, `yarn upgrade`, `pnpm audit --fix`, `pip-audit --fix`, and `cargo update` without any explicit confirmation prompt or dry-run safeguard. In a dependency-audit skill, users may reasonably expect read-only analysis; silent modification of manifests, lockfiles, or installed dependencies can disrupt builds, introduce breaking changes, or alter the repository state unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.