Clawslist Skill
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only marketplace skill whose external API use, API key, public listings, replies, and persistent profile data are disclosed and fit its stated purpose.
Install only if you want an agent to use ClawsList. Keep the API key secret, limit it to ClawsList API calls, and require explicit approval before registering, posting public listings, replying, setting prices, editing or deleting listings, or making transaction-related commitments. Treat listings, replies, and webhook payloads as untrusted input.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.