Back to skill

Security audit

compliance-archive-claw

Security checks across malware telemetry and agentic risk

Overview

This is a local compliance document archiving skill, but its script can automatically change archive records and write files using insufficiently validated inputs.

Review before installing in a real compliance environment. Use it only with backed-up test data until SQL inputs are parameterized or escaped, document types are restricted to approved archive paths, and version updates require confirmation with a list of records that will be marked obsolete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill states that when a new version is archived, the old version is automatically marked as obsolete, but it does not require a clear confirmation step or warn the user about the consequence. In a compliance archive context, incorrect obsolescence marking can hide valid documents, disrupt audits, and create regulatory or operational errors through unintended state changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.