Claw Shell 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides local shell access, but its guardrails are weak and its tmux-only safety boundary is not reliable enough for automatic installation.

Review this before installing as it effectively gives an agent local shell access. Only use it in a sandbox or trusted workspace, assume allowed commands can affect local files and data, and do not rely on its current denylist as a complete safety control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill executes arbitrary shell commands provided via input after only a weak blocklist check, with no explicit user confirmation or meaningful restriction on allowed operations. In the context of an agent skill, this is dangerous because an LLM, prompt injection, or a mis-specified task could cause execution of destructive, data-exfiltrating, or persistence-establishing commands that do not match the small denylist.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal