Back to skill

Security audit

ClawConnect

Security checks across malware telemetry and agentic risk

Overview

ClawConnect is transparent about connecting AI agents to user accounts, but it concentrates broad read and send access for email, social, calendar, and workspace services behind one third-party API key with limited guardrails described.

Review this before installing because it can let an agent read and act through connected accounts. Connect only the services you need, verify scopes and revocation controls on clawconnect.dev, keep the API key secret, and require explicit user confirmation before any tweet, email, Slack message, or other account-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.