Security audit

Strategy Advisor Claw

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only business strategy advisor with no code or external access, though users should be mindful it may apply to broad business-advice conversations.

Install only if you want the agent to give direct business strategy advice. Because it is designed to use company context when available, avoid sharing confidential business details unless you are comfortable including them in the conversation, and treat its recommendations as decision support rather than automatic instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 94% confidence
Finding: The skill’s activation description includes very broad, everyday trigger phrases such as asking for advice, analysis, next steps, prioritization, or what to do next. This can cause the skill to activate in many unrelated conversations, leading to unintended access to business-sensitive context and over-application of a high-authority advisory persona where it was not explicitly requested.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal