ClawHub

license-audit

Security checks across malware telemetry and agentic risk

Overview

This license-audit skill mostly does what it claims, but it can automatically install Trivy by running a remote installer without a clear opt-in.

Install only if you are comfortable with the tool potentially installing Trivy automatically. Safer use is to install Trivy yourself first, avoid putting Git tokens directly in URLs, use --no-enrich for offline NuGet scans, and use Feishu output only for repositories whose dependency data may be uploaded to your Feishu account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return path
    print("⚠️  Trivy not found. Installing...")
    if sys.platform == "darwin":
        subprocess.run(["brew", "install", "trivy"], check=True)
    else:
        subprocess.run(
            "curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin",
Confidence
93% confidence
Finding
subprocess.run(["brew", "install", "trivy"], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if sys.platform == "darwin":
        subprocess.run(["brew", "install", "trivy"], check=True)
    else:
        subprocess.run(
            "curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin",
            shell=True, check=True,
        )
Confidence
99% confidence
Finding
subprocess.run( "curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin", shell=True, check=True, )

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
A license-audit skill is expected to inspect data, not install software on the host. Bundling environment modification into analysis expands the trust boundary and can unexpectedly change the system state or pull unreviewed code during what appears to be a read-only audit.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill can publish audit output to Feishu Doc and Feishu Base, which sends repository-derived dependency information to external services and creates remote artifacts. In a compliance-audit context this may be legitimate, but it materially increases data-exposure risk if users do not realize results are leaving the local environment.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation recommends passing a Git token directly in the repository URL, which can leak credentials through shell history, terminal logs, CI logs, process listings, and copied command transcripts. Because this is a security-oriented automation skill that may be used in shared environments, normalizing this unsafe pattern increases the chance of credential disclosure.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script auto-installs Trivy, including by executing a remote installer script, without meaningful warning or consent about system modification. That creates a strong supply-chain and unexpected-execution risk, especially because users invoking an audit tool may not anticipate privileged changes to their machine.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal