horus

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent protocol/reference guide with no hidden execution, but exported traces can contain sensitive user-supplied metadata and should be handled carefully.

Install only if you understand this is a reference protocol, not a complete secure audit system. Do not place secrets, private identifiers, or sensitive operational details in observation metadata unless you add redaction and access controls, and do not treat exported traces as tamper-proof until checksum/signature support is actually implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium, 95% confidence

Finding: The specification promises integrity protection and complete export semantics, but the implementation returns unsigned JSON and omits constraint predicates. This can cause consumers to trust incomplete or tampered audit artifacts, undermining integrity guarantees and potentially hiding malicious or unsafe constraints during review or inter-node exchange.

Missing User Warnings

Medium, 90% confidence

Finding: The protocol explicitly supports complete state export and inter-node sharing, and the exported data includes coordinates, timestamps, observer IDs, and metadata. Without prominent user-facing warnings, minimization rules, or default protections, operators may unintentionally expose sensitive telemetry or identifying information across nodes or audits.

Missing User Warnings

Medium, 90% confidence

Finding: The export_trace function serializes the full ledger, including observer_id and arbitrary metadata, without any warning, minimization, or redaction guidance. In realistic deployments, metadata often contains sensitive operational or personal information, so encouraging audit export without disclosure controls can lead to unintended data leakage.

VirusTotal

66/66 vendors flagged this skill as clean.