Security audit

Drift Guard

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local drift-monitoring tool, but its Python config loading can execute code from a user-selected file and should be reviewed before use.

Install only if you are comfortable with a local tool reading agent response text and storing derived metrics on disk. Use it in a dedicated working directory, avoid feeding it secrets or private conversations, and do not pass untrusted files to --config because they can run Python code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Dynamic import via __import__()

Medium
Category
Dangerous Code Execution
Content
    if args.config:
        sys.path.insert(0, str(Path(args.config).parent))
        module_name = Path(args.config).stem
        config_module = __import__(module_name)
        config = config_module.CONFIG
    else:
        try:
Confidence
96% confidence
Finding
config_module = __import__(module_name)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation clearly describes capabilities to read response files, write baselines/reports, and process local data, yet no explicit permissions are declared. This creates a transparency and policy-enforcement gap: an operator or platform may assume the skill is passive documentation when it actually requires filesystem access, increasing the risk of over-privileged execution or unsafe deployment.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The --config option effectively turns configuration loading into arbitrary code execution by importing any Python file specified by the caller. In the context of an agent skill and behavior-monitoring utility, this expands the attack surface beyond its declared purpose and can be abused to execute attacker-controlled code if the tool is pointed at an untrusted config path.

VirusTotal

66/66 vendors flagged this skill as clean.