Security audit

SentiClaw

Security checks across malware telemetry and agentic risk

Overview

SentiClaw is a coherent security middleware, but it can store local audit records and send configured security alerts containing session and sender identifiers.

Before installing, decide whether local audit logs may contain sensitive security-event details, set a protected audit_db_path or disable auditing if needed, and only configure alerts to private approved channels. Narrow allowed_dirs if using the path-check helper, and do not rely on this skill as your only security control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (4)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README advertises immediate threat alerts and SQLite audit logging, and the example alert includes session and sender identifiers, but it does not clearly warn users that security events may be persisted locally and forwarded to external messaging platforms. This can lead operators to unintentionally expose sensitive metadata or regulated user information to third-party channels and local storage, especially in security-sensitive deployments where logs and alerts themselves may contain confidential context.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill states that all events are logged to a local SQLite database, including blocked messages and security incidents, but does not warn users that prompts, sender identifiers, or sensitive security-event content may be retained on disk. In a security-focused skill, this creates a real privacy and data-handling risk because the audit store itself can become a repository of sensitive content and attacker payloads.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill documents immediate alerting to external channels for injection or spoofing attempts without warning that security-event details may be transmitted off-system to third-party platforms like Discord, Slack, or Telegram. This can leak attacker-supplied payloads, user identifiers, or internal context into external services, expanding the exposure surface during incident handling.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: Immediate alerts include session_id and sender_id and send them to external messaging channels such as Discord, Slack, Telegram, WhatsApp, or Signal. That creates a real privacy and data-handling risk because internal identifiers are exported off-system without minimization, redaction, consent, or any visible access-control checks in this code.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.