clawmate
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed ClawMate local project and file-management skill; it can change local project files when used, but I found no hidden or unrelated behavior.
Install this only if you use the ClawMate local service and want the assistant to manage project files through it. Keep CLAWMATE_URL pointed at a trusted local service, review paths before confirming project setup or feedback-processing actions, and expect the skill to create or update local project documents.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.