Agent Hardening

Security checks across malware telemetry and agentic risk

Overview

This is a coherent agent-security guide with an optional test runner, but users should be careful with its email-copying advice and system-prompt testing script.

Install this as guidance, not as an automatic security control. If you use the test runner, use a low-privilege API key, verify the endpoint is trusted, and do not upload sensitive system prompts to third-party services unless that is acceptable. Treat the blanket BCC-owner email rule as a policy decision requiring consent and privacy review, not a universal requirement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium, 86% confidence
Finding
Mandating that the owner be BCC'd on all outgoing email creates a blanket secondary disclosure channel that can expose message content, metadata, and sensitive user information to an additional recipient regardless of context or consent. In a hardening guide, this is especially risky because readers may implement it as a universal security control even when it violates privacy, least-disclosure, or regulatory requirements.

Missing User Warnings

Medium, 90% confidence
Finding
If a user supplies --system-prompt-file, the file contents are read and then sent verbatim to the configured remote endpoint for testing. Because system prompts often contain sensitive instructions, secrets, or internal policy text, sending them off-box without an explicit warning or confirmation can cause unintended disclosure, especially when the endpoint is third-party or misconfigured.

VirusTotal

66/66 vendors flagged this skill as clean.