Security audit

FastClaw AI Deployment Tool

Security checks across malware telemetry and agentic risk

Overview

This is a coherent FastClaw deployment skill, but users should be careful with remote installers, API keys, and saved memory files.

Before installing, verify that you trust the FastClaw GitHub source and avoid blindly piping remote scripts into a shell. Treat ~/.fastclaw as sensitive because it may contain API keys, configuration, and saved agent memory. Review MEMORY.md periodically, delete entries you do not want retained, and avoid sending confidential data to hosted LLM providers unless their policies meet your needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The template expands the agent’s role from conversational guidance into persistent storage of user and project data by instructing updates to MEMORY.md after every conversation. That creates a data-retention behavior not clearly bounded by consent, minimization, or review, which can lead to unnecessary collection of sensitive information and privacy risk.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The template grants a long-term memory capability without establishing a clear purpose limitation or safety constraints for what may be stored. In practice, this can cause agents built from the template to persist user preferences, project context, or other sensitive details beyond what is necessary for the immediate task.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README includes destructive deletion commands such as removing the application data directory without an explicit, prominent warning that this permanently deletes local configuration, agent state, and stored data. In an agent-skill context, users may follow copy-pasted shell commands quickly, so insufficient warning increases the risk of accidental data loss.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill directs users to enter third-party LLM API keys and use external model providers, but gives no guidance on secure credential storage, least-privilege handling, or the privacy implications of sending prompts and potentially sensitive data to those providers. In an AI deployment context, users may unknowingly expose secrets, internal data, or regulated content to external services, increasing the risk of credential leakage and data privacy violations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The installer downloads a release archive from GitHub and immediately extracts it without any authenticity verification such as a checksum or signature check. If the release asset, network path, or upstream repository is compromised, users may install a trojaned binary directly into their system, and the script gives little warning about these filesystem and trust implications.

Missing User Warnings

Medium
Confidence: 93%
Finding
Automatically updating MEMORY.md without warning users about persistent storage is a privacy and transparency failure. Users may disclose sensitive personal or project information under the assumption of ephemeral chat, while the template silently converts it into long-term stored data.

VirusTotal

61/61 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.