Back to skill

Security audit

IronClaw Security Guard

Security checks across malware telemetry and agentic risk

Overview

This security guard is mostly purpose-aligned, but it persistently logs raw message and tool-parameter previews that may contain secrets even when redaction is expected.

Install only if you are comfortable with local audit logs potentially containing sensitive prompt text, tool parameters, paths, tokens, or credentials. Before use, configure a protected auditLogPath with strict access controls and short retention, and consider patching the plugin to redact or omit audit previews by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The code computes a redacted preview for the response, but the audit event always stores previewSource.slice(0, 1200), which is derived from the raw unredacted payload. This can leak secrets, credentials, prompt contents, or sensitive tool parameters into logs even when the caller explicitly requests redaction, defeating the security purpose of the scanner and creating a secondary disclosure channel.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This code writes up to 800 characters of inbound message content to the audit log when suspicious content is detected, which can capture sensitive user data, secrets, or private prompts. In a security plugin, centralizing potentially sensitive payloads in logs increases exposure and retention risk, especially because there is no evidence here of user disclosure, minimization, or redaction before logging.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This code logs a JSON-stringified preview of tool parameters, up to 1200 characters, before tool execution. Tool arguments often contain credentials, file contents, prompts, personal data, or network targets, so persisting them to an audit sink can create a secondary sensitive-data store and materially expand the blast radius of any log compromise.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The audit writer receives an unredacted preview of the scanned content, and the tool does not disclose this behavior to the caller in the returned result or parameter contract. In a security-scanning skill, users may submit sensitive prompts, secrets, or command parameters for inspection; silently persisting them increases confidentiality risk and can broaden exposure to anyone with log access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
README.md:81

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
README.zh-CN.md:58