ClawHub

Clawsec.Bak

Security checks across malware telemetry and agentic risk

Overview

This is a coherent security-monitoring helper, but it asks users to enable broad HTTPS interception and trust a local CA without enough scoping or cleanup guidance.

Review the actual ClawSec Monitor code before use. Prefer --no-mitm or per-process CA variables over system-wide CA installation, route only the intended agent traffic, treat logs as sensitive because they may contain secrets, and remove the trusted CA and Docker volume when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs users to enable full HTTPS man-in-the-middle interception and install a locally generated CA into the system trust store, but it does not present clear warnings about the security and privacy consequences. Trusting a local CA broadly expands the host's attack surface: compromise or misuse of that CA key would allow silent interception of other TLS traffic and may normalize unsafe trust-store modification practices.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
-k /Library/Keychains/System.keychain /tmp/clawsec/ca.crt

# Ubuntu / Debian
sudo cp /tmp/clawsec/ca.crt /usr/local/share/ca-certificates/clawsec.crt
sudo update-ca-certificates

# Per-process (no system trust required)
Confidence
92% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Ubuntu / Debian
sudo cp /tmp/clawsec/ca.crt /usr/local/share/ca-certificates/clawsec.crt
sudo update-ca-certificates

# Per-process (no system trust required)
export REQUESTS_CA_BUNDLE=/tmp/clawsec/ca.crt   # Python requests
Confidence
92% confidence
Finding
sudo

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal