Tork Guardian

Security checks across malware telemetry and agentic risk

Overview

Tork Guardian is a coherent security and governance SDK, with some important privacy and reliability tradeoffs users should understand before relying on it.

Install only if you are comfortable routing governed prompt content and security telemetry to Tork's service under your Tork API key. For sensitive or regulated environments, review Tork's retention and processing terms, configure strict/custom network policies, and account for the current fail-open behavior if governance must block when the cloud service is unavailable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 99%
Finding
The client explicitly fails open when the external governance service is unreachable, returning an 'allow' decision and the original unfiltered content. In a component whose purpose is governance/enforcement, this creates a straightforward bypass: any outage, timeout, DNS issue, or induced network failure disables protection entirely and lets prohibited content pass.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The client is explicitly designed to fail open: if the governance service is unavailable, it returns an 'allow' decision and passes the original content through unchanged. This defeats the core security control, since an outage, timeout, DNS issue, or induced network failure can bypass moderation/redaction entirely and expose downstream systems to ungoverned content.
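The two findings above describe the same defect: when the governance service cannot be reached, the client substitutes an 'allow' decision and hands back the original content. The following is an added example, not Tork Guardian's code, that puts that fail-open pattern next to a fail-closed alternative so the difference is visible at the enforcement point. The transport functions, the `FAIL_OPEN`/`FAIL_CLOSED` names, the decision shape and the sample message are all assumptions made for this illustration.

```javascript
// Added example, not code from Tork Guardian. Transport functions, mode
// names, decision shapes and the sample input are constructed for illustration.

const FAIL_OPEN = "fail-open";
const FAIL_CLOSED = "fail-closed";

// Constructed stand-in for a healthy remote governance service: redacts
// SSN-shaped tokens and otherwise allows. A real client would call the
// service over HTTPS; the shape of the reply is an assumption.
function healthyTransport(content) {
  const redacted = content.replace(/\b\d{3}-\d{2}-\d{4}\b/g, "[SSN]");
  return redacted === content
    ? { decision: "allow", content }
    : { decision: "redact", content: redacted };
}

// Constructed stand-in for an outage: DNS failure, refused connection or
// timeout all surface to the client as a thrown error.
function outageTransport() {
  const err = new Error("governance service unreachable");
  err.code = "ENOTFOUND";
  throw err;
}

function createGovernClient({ transport, failMode }) {
  // govern(content, { mode }) mirrors the call shape quoted in the findings.
  function govern(content, opts = {}) {
    try {
      const result = transport(content, opts);
      return { ...result, degraded: false };
    } catch (err) {
      const reason = err.code || err.message;
      if (failMode === FAIL_OPEN) {
        // The behaviour flagged above: the outage becomes an 'allow' decision
        // and the unfiltered content is passed through unchanged.
        return { decision: "allow", content, degraded: true, reason };
      }
      // Fail closed: no content is released while the service is down. The
      // 'degraded' flag is kept so the caller can alert on it.
      return { decision: "deny", content: null, degraded: true, reason };
    }
  }
  return { govern };
}

// Enforcement point. A fail-closed client only protects anything if the
// caller actually honours a 'deny' decision instead of falling back to the
// original message.
function enforce(client, message) {
  const verdict = client.govern(message, { mode: "standard" });
  if (verdict.decision === "deny") {
    return { delivered: false, reason: verdict.reason };
  }
  return { delivered: true, content: verdict.content };
}

// Constructed sample message containing an SSN-shaped token.
const SAMPLE = "customer SSN is 123-45-6789, please look up";

const failOpenClient = createGovernClient({ transport: outageTransport, failMode: FAIL_OPEN });
const failClosedClient = createGovernClient({ transport: outageTransport, failMode: FAIL_CLOSED });
```

With the service up, both clients return the redacted text. During an outage `enforce(failOpenClient, SAMPLE)` delivers the raw SSN, while `enforce(failClosedClient, SAMPLE)` delivers nothing and reports `ENOTFOUND`; the latter is what a deployment that must block on unavailability needs, together with monitoring on the `degraded` flag so the outage is noticed rather than silently absorbed.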

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The interceptor advertises that network requests are restricted under a strict policy, but in practice all non-strict modes allow arbitrary network access with no hostname, protocol, destination, or path validation. In an agent skill context, this can enable untrusted skills or prompts to exfiltrate data, contact attacker-controlled endpoints, or bypass expected egress controls whenever the policy is not set to strict.
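To make the gap concrete, here is an added example (not the interceptor's own code) that places the weak pattern the finding describes, a check that does nothing unless the mode is `strict`, beside a hardened check that validates protocol, host, port and path in every mode and denies by default. The policy shape, the mode names `strict`/`standard`/`permissive`, the allow-list contents and the `guardFetch` wrapper are assumptions made for this illustration.

```javascript
// Added example, not code from Tork Guardian. Policy shape, mode names,
// allow-list entries and the fetch wrapper are assumptions for illustration.

const DEFAULT_POLICY = {
  mode: "standard",                    // assumed modes: "strict" | "standard" | "permissive"
  allowedHosts: ["api.example.com"],   // constructed allow-list
  extraHosts: [],                      // only consulted in "permissive" mode
  allowedPathPrefixes: ["/v1/"],       // only enforced in "strict" mode
};

// Weak pattern: anything goes unless the mode is strict. A skill running
// under "standard" can reach attacker-controlled hosts over plain HTTP.
function weakIsAllowed(rawUrl, policy) {
  if (policy.mode !== "strict") return true;
  return policy.allowedHosts.includes(new URL(rawUrl).hostname);
}

// Hardened pattern: deny by default, validate every request in every mode.
// Non-strict modes may widen the allow-list; they never switch it off.
function hardenedIsAllowed(rawUrl, policy) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { allowed: false, reason: `protocol ${url.protocol} not permitted` };
  }
  if (url.username || url.password) {
    return { allowed: false, reason: "credentials embedded in URL" };
  }
  const hosts = policy.mode === "permissive"
    ? [...policy.allowedHosts, ...policy.extraHosts]
    : policy.allowedHosts;
  // Exact hostname match only: a suffix check would let evil-api.example.com
  // through, and URL parsing has already normalised IDN hosts to punycode.
  if (!hosts.includes(url.hostname)) {
    return { allowed: false, reason: `host ${url.hostname} not in allow-list` };
  }
  // url.port is "" when the default port is used, so only explicit ports are checked.
  if (url.port && url.port !== "443") {
    return { allowed: false, reason: `port ${url.port} not permitted` };
  }
  if (policy.mode === "strict" &&
      !policy.allowedPathPrefixes.some((p) => url.pathname.startsWith(p))) {
    return { allowed: false, reason: `path ${url.pathname} not permitted in strict mode` };
  }
  return { allowed: true, reason: "ok" };
}

// Wrap a fetch-like function so the check runs before every outbound call.
function guardFetch(fetchImpl, policy) {
  return (rawUrl, init) => {
    const verdict = hardenedIsAllowed(rawUrl, policy);
    if (!verdict.allowed) {
      throw new Error(`egress blocked: ${verdict.reason}`);
    }
    return fetchImpl(rawUrl, init);
  };
}
```

Run against a constructed exfiltration URL such as `http://attacker.example.net/exfil?d=secret`, `weakIsAllowed` returns `true` under the default `standard` mode while `hardenedIsAllowed` rejects it on protocol before the host is even consulted; the same hardened check also refuses embedded credentials, non-443 ports and unparseable strings rather than letting a parse failure fall through to "allow".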

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
This code sends each message's raw content to an external governance client via `client.govern(msg.content, { mode })`, with no user-visible disclosure or consent mechanism evident in this component. Even if the purpose is PII redaction, the design still exposes potentially sensitive prompt contents to a third party or separate service, which creates a privacy and data-handling risk if users or integrators are unaware of that transfer.

Missing User Warnings

Severity: Medium
Confidence: 77%
Finding
The code transmits arbitrary content to an external governance API, which can create confidentiality and privacy risk if prompts, user inputs, secrets, or regulated data are sent off-box without clear disclosure or consent. In a governance client this may be expected behavior, but without user-facing notice, data minimization, and handling guarantees, sensitive content could be exposed to a third-party service unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The handler sends threat reports to a remote cloud service containing the skill ID and detailed network activity (`type` and `detail`) without any visible consent, disclosure, minimization, or configuration gate in this code path. Even if intended for security telemetry, this creates a data-exfiltration/privacy risk because operational metadata about local skills and attempted connections can be transmitted off-host automatically.
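The three Missing User Warnings findings cover two off-host transfers: prompt content sent to the governance API and threat reports sent as telemetry. The following added example, not Tork Guardian's code, shows one way an integrator can put both behind an explicit opt-in and minimise what is transmitted: secret-shaped tokens are scrubbed locally before the governance call, and threat reports are reduced to a session-local pseudonym for the skill ID plus the destination hostname unless full detail is switched on. The config keys, the secret patterns, the report shape (with `detail` assumed to be the attempted URL) and the pseudonym scheme are all assumptions made for this illustration.

```javascript
// Added example, not code from Tork Guardian. Config keys, secret patterns,
// report shape and the pseudonym scheme are assumptions for illustration.

// Default posture: nothing leaves the host until the integrator turns it on.
const DEFAULT_CONFIG = {
  governanceConsent: false,      // integrator acknowledged prompt content goes off-box
  telemetryEnabled: false,       // operator opted into threat reports
  telemetryIncludeDetail: false, // send the full `detail` string, not just the host
  mode: "standard",
};

// Constructed patterns for tokens that should never reach a remote service,
// whatever that service promises to redact.
const SECRET_PATTERNS = [
  /\b(?:sk|tk)_[A-Za-z0-9]{16,}\b/g,                                       // assumed API-key shape
  /\bAKIA[0-9A-Z]{16}\b/g,                                                 // AWS access key id shape
  /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
];

// Local pre-redaction: runs before any network call, returns how many hits it removed.
function localRedact(content) {
  let out = content;
  let hits = 0;
  for (const re of SECRET_PATTERNS) {
    out = out.replace(re, () => { hits += 1; return "[LOCAL-REDACTED]"; });
  }
  return { content: out, hits };
}

// Returns the request body that may be sent, or null when the gate is closed.
// `log` collects operator-visible notices so the transfer is never silent.
function prepareGovernRequest(content, config, log = []) {
  if (config.governanceConsent !== true) {
    log.push("governance call skipped: governanceConsent is not set");
    return null;
  }
  const { content: minimized, hits } = localRedact(content);
  if (hits > 0) {
    log.push(`local redaction removed ${hits} secret-shaped token(s) before transmission`);
  }
  return { content: minimized, mode: config.mode };
}

// Session-local pseudonyms: the mapping stays on the host, so the remote
// service can correlate reports without learning which skill is installed.
const pseudonyms = new Map();
function pseudonymize(skillId) {
  if (!pseudonyms.has(skillId)) {
    pseudonyms.set(skillId, `skill-${pseudonyms.size + 1}`);
  }
  return pseudonyms.get(skillId);
}

// Report shape assumed from the finding: { skillId, type, detail }, where
// `detail` is taken to be the URL the skill attempted to reach.
function prepareThreatReport(report, config, log = []) {
  if (config.telemetryEnabled !== true) {
    log.push(`threat report kept local (telemetryEnabled is not set): ${report.type} from ${report.skillId}`);
    return null;
  }
  let destinationHost = null;
  try {
    destinationHost = new URL(report.detail).hostname;
  } catch {
    destinationHost = null; // detail was not a URL; send nothing about it
  }
  return {
    skillId: pseudonymize(report.skillId),
    type: report.type,
    destinationHost,
    ...(config.telemetryIncludeDetail ? { detail: report.detail } : {}),
  };
}
```

With `DEFAULT_CONFIG` both functions return `null` and write a notice into `log`, which is the point: the transfer cannot happen without a deliberate configuration change, and when it does happen the operator has a record of what was stripped and what was sent. The remote service's own redaction remains in place; local scrubbing just ensures the highest-value tokens never make the trip.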

VirusTotal

64/64 vendors flagged this skill as clean.
