Clawditor

Security checks across malware telemetry and agentic risk

Overview

Clawditor is a local workspace-auditing skill that reads project context and writes audit files as advertised, with no evidence of exfiltration, hidden persistence, or destructive behavior.

Install only for workspaces you intend to audit. Review eval/ outputs before sharing because log and memory snippets may contain private context, and treat draft or zero-filled reports as incomplete until the agent has filled in evidence-backed scores. Avoid letting it run tests in untrusted projects without sandboxing or explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to read the workspace, write reports under eval/, and use helper scripts, which implies file read, file write, and shell-like execution capability without any explicit permission declaration or user-facing boundary. That creates an authorization gap: operators may treat the skill as low-risk metadata while it can inspect broad workspace contents and modify files, increasing the chance of unintended data exposure or tampering.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The documented behavior overpromises substantive auditing, scoring, patches, and historical deltas, while the finding indicates the implementation may only generate placeholder outputs and zero/default values. In a security or evaluation context, this is dangerous because consumers can rely on reports that appear authoritative but are incomplete or fabricated, leading to false assurance and missed issues.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly directs writing multiple files under eval/ and proposing patches, but it does not clearly warn that running the skill changes workspace state. Even if intended for auditing, silent modification can overwrite prior evaluations, pollute repositories, or trigger downstream automation on generated files without the user's informed consent.

VirusTotal

62/62 vendors flagged this skill as clean.