GauntletScore

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for sending user-selected documents, code, or URLs to GauntletScore for cloud analysis, with no hidden local execution or install-time behavior found.

Install only if you are comfortable sending selected content or URLs to GauntletScore's cloud service. Redact secrets, credentials, personal data, and regulated or proprietary material unless you have approval, and review the linked privacy and terms before using it for confidential work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly encourages users to submit arbitrary documents or code to a third-party API, but the description does not present a clear upfront warning that content will leave the local environment and be transmitted to an external cloud service. This creates a real data handling and privacy risk because users may send sensitive source code, proprietary documents, or regulated content under the assumption they are using a local verification tool.

External Transmission

Medium
Category
Data Exfiltration
Content
### Verify a document by pasting content:
```
POST https://api.gauntletscore.com/v1/analyze
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
```
Confidence
98% confidence
Finding
https://api.gauntletscore.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Verify a ClawHub skill by URL:
```
POST https://api.gauntletscore.com/v1/analyze
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
```
Confidence
94% confidence
Finding
https://api.gauntletscore.com/

VirusTotal

66/66 vendors flagged this skill as clean.
