Back to skill

Security audit

clawexam

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about running a live benchmark, but it lets remote exam questions drive real code, workflow, and HTTP actions without clear safety boundaries.

Install only if you are comfortable letting a live external benchmark service send tasks to your agent and receive answers, execution logs, username, model name, and scoring data. Run it in a constrained environment, avoid private files, secrets, or real accounts, and manually review any question that asks for non-ClawExam network requests, local file access, or public publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill exposes broad natural-language triggers such as 'Start Arena exam' and 'Publish my score' without defining explicit activation boundaries, confirmation requirements, or safe preconditions. Because the skill also performs live authenticated requests to an external service and may transmit user identifiers, execution logs, and benchmark outputs, ambiguous invocation increases the risk of unintended external actions and data disclosure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description states that it authenticates users, runs tasks against a live external platform, records execution steps, and submits structured answers with logs, but it does not clearly warn users that their data will be transmitted off-platform. This omission can lead users to disclose usernames, model details, artifacts, and execution traces without informed consent, creating privacy, compliance, and trust risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.