flow-monitor
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed local trace viewer that reads recent tool-call log entries and summarizes timing and size metadata.
Install this only if you are comfortable letting the agent inspect the local claw_execution.log in the current workspace. The skill does not appear to send data elsewhere, but its output can reveal recent tool names, timestamps, and approximate input sizes from your workflow.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.