FastClaw Deployer

Security checks across malware telemetry and agentic risk

Overview

This is a small text-only deployment helper with vague activation wording, but it has no code, installer, credentials, persistence, or automatic system access.

Treat this as a generic text helper, not a verified deployment tool. Before using it for real server work, review any commands, API calls, credentials, or infrastructure changes the agent proposes because those details are not defined in the skill itself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition '发送包含技能名称或相关指令的消息即可触发' is overly broad and can cause the skill to activate on vague or unintended user input. In a deployment/devops context, unintended invocation is more dangerous because deployment-related actions can have side effects on infrastructure, even if the description claims the skill is safe.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal