Security audit

AI Agent Runtime

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine AI agent runtime, but its install and data-handling guidance is under-scoped with respect to credentials, local web access, and persistent memory.

Review carefully before installing. Prefer manually downloading a pinned release and verifying it instead of running the remote one-line installers. Use limited-scope LLM API keys, avoid entering confidential data unless you trust the configured provider, keep ~/.fastclaw private, and periodically inspect or delete apikeys.json and MEMORY.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium severity, 97% confidence
Finding
The README instructs users to execute a remotely fetched PowerShell installer directly with `irm ... | iex`, which runs unreviewed code from the network with no integrity verification or warning. If the upstream repository, distribution path, or transport is compromised, users could execute arbitrary code immediately, potentially with administrator privileges.

Missing User Warnings

Medium severity, 82% confidence
Finding
The setup guide tells users to enter API keys and documents that keys are stored locally in `apikeys.json`, but provides no warning about credential sensitivity, file permissions, or secret handling. This increases the risk of accidental exposure through backups, shared accounts, malware, or improper repository syncing of the config directory.

Missing User Warnings

Medium severity, 90% confidence
Finding
The README includes `rm -rf ~/.fastclaw` and uninstall deletion steps without prominently warning that they permanently erase all application data, agent state, and stored configuration. Users may copy-paste these commands without understanding the irreversible data loss, especially in an installation guide context.

Missing User Warnings

Medium severity, 92% confidence
Finding
The skill prominently exposes a browser-based management interface for configuring agents and API keys, but the description does not warn that sensitive data such as credentials, agent settings, and conversation history may be stored or accessible through that interface. In practice, local web dashboards are frequently exposed beyond localhost through misconfiguration, port forwarding, shared machines, or malware, so omitting this warning can lead users to underestimate the confidentiality risk.

Missing User Warnings

Medium severity, 94% confidence
Finding
The template instructs the agent to update MEMORY.md after every conversation and explicitly store user preferences and project context, but it provides no notice, consent, retention limits, or sensitivity filtering. In an agent runtime, this can cause persistent storage of personal, confidential, or proprietary information to disk without the user's awareness, creating privacy and data-leakage risk.

VirusTotal

64/64 vendors flagged this skill as clean.