Back to skill

Security audit

PasteClaw

Security checks across malware telemetry and agentic risk

Overview

PasteClaw appears to do what it says, but its default examples upload content and tokens to a third-party service with weakened HTTPS checks and limited safety guidance.

Review before installing. Use it only for material you intend to share externally, remove `-k` from curl commands so HTTPS certificates are verified, avoid secrets/private configs/personal data, omit metadata headers unless needed, and confirm snippet IDs plus edit/session tokens before update or delete actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs agents to publish content to a third-party paste service and return the resulting URL, but it does not prominently warn that pasted material leaves the local environment and may become accessible to others. In an agent setting, this creates a real risk of unintentionally exfiltrating sensitive prompts, configs, code, or user data through normal task execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill recommends sending model/tool/source/task metadata for analytics and debugging without a user-facing disclosure or minimization guidance. That encourages outbound transmission of internal operational details that may reveal model identity, tooling, workflow context, or other environment information unnecessary for the core paste operation.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly promotes publishing arbitrary text, configs, JSON, YAML, notes, and agent handoff assets to a remote paste service, creating a straightforward path for sensitive content disclosure. In the context of an AI agent, users may ask to share logs, configs, or generated artifacts that contain secrets or proprietary data, and the skill normalizes uploading them with little friction.

Ssd 3

Low
Confidence
88% confidence
Finding
The guidance to make requests traceable by model/tool metadata encourages disclosure of internal agent and environment details to an external service. While lower severity than content exfiltration, it still increases fingerprinting, vendor visibility into internal stack choices, and potential correlation of user actions across requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.