Sentinel - AI Agent State Guardian

Security checks across malware telemetry and agentic risk

Overview

Sentinel is a local backup and integrity-monitoring skill whose file access and restore behavior match its stated purpose, but users should configure automatic restore carefully.

Install only if you want a local tool that reads, hashes, copies, and may restore selected workspace files. Set WORKSPACE_ROOT and CRITICAL_FILES narrowly, store backups in a protected location, and disable or avoid automatic restore until you trust the baseline because restore operations can overwrite current agent memory, config, or state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill clearly instructs the agent to read, hash, back up, restore, and quarantine workspace files, which implies file read/write capability, but the metadata does not declare those permissions. Hidden or undeclared file access is dangerous because users and hosting systems cannot accurately assess or constrain what the skill may do before use.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README promotes automatic self-healing and restoration of files, which means the tool can modify workspace data without strong upfront warnings about overwrite, rollback, or false-positive recovery risks. In an AI agent workspace, unexpected restoration can revert legitimate state, destroy recent updates, or mask tampering by replacing current files with older copies.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill advertises automatic restore and quarantine behavior as protective features but does not clearly warn that these actions can overwrite current files or move user data without interactive confirmation. In a workspace-management skill, that omission increases the risk of unintended data loss, rollback of legitimate changes, or disruption of active agent state.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding
The backup feature copies workspace contents to another location, but the documentation does not clearly warn that sensitive data may be duplicated outside the primary workspace. This can expand the exposure surface for secrets, memory files, or agent state if the backup directory has weaker protections or different retention rules.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The integrity violation response options include auto-restore and quarantine, both of which can change or relocate files automatically, yet the section does not clearly frame them as potentially destructive operations. Because these actions may trigger in response to false positives or stale state, the skill could unexpectedly revert legitimate work or move files out of place.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The auto-restore path unconditionally overwrites the target file with the latest backup via shutil.copy2(backup_path, filepath) after only limited checks, with no user confirmation, no dry-run mode, and no validation that the selected backup is the intended safe version. In an agent workspace, this can silently replace current state or legitimate updates, causing integrity loss, rollback to stale data, or destructive behavior if restoration is triggered incorrectly or by manipulated monitoring inputs.

VirusTotal

66/66 vendors flagged this skill as clean.