Security Guard

Security checks across malware telemetry and agentic risk

Overview

This security plugin is coherent in purpose, but it inspects every tool call, sends full tool arguments and session identifiers to a configurable external API, and lets unauthenticated slash commands change or disable its protections.

Install it only if you control and trust the configured security API endpoint and accept that tool names, full tool arguments, and session or agent identifiers will be inspected remotely. Keep the approval timeout behavior set to deny, restrict who can run /security-guard commands, and do not use it in environments where tool parameters may carry secrets unless the plugin adds stronger redaction and disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
If the approval request message cannot be delivered, the code logs the error and returns without explicitly denying or resolving the approval. In an approval gate, this can create a fail-open or undefined state where a protected tool call may proceed without user consent, undermining the security control the capability is meant to enforce.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The compatibility logic defaults missing or unparseable host versions to "full", which the code defines as including fail-closed support. That can cause the skill to assume security-enforcing behavior exists on runtimes that may not actually support it, creating a fail-open mismatch where protections such as approval or blocking hooks are not registered or enforced as intended.
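The mismatch this finding describes, shown as an added example rather than the plugin's own code: a capability check that maps a missing or unparseable host version to "full", beside one that credits the host with nothing until its version is known, and the registration decision that should follow from the answer. The `CompatLevel` names, the `FAIL_CLOSED_SINCE` threshold and the `planRegistration` helper are assumptions for illustration.

```typescript
// Added example: decide what the host can enforce before registering hooks.
// CompatLevel names, FAIL_CLOSED_SINCE and planRegistration are assumptions.

type CompatLevel = "legacy" | "full";

interface Capabilities {
  level: CompatLevel;
  failClosed: boolean; // true only when the host honours a "block" result from the hook
}

type Version = [number, number, number];

// Assumed minimum host version whose hook API supports blocking decisions.
const FAIL_CLOSED_SINCE: Version = [2, 3, 0];

function parseVersion(v: string | undefined): Version | null {
  if (v === undefined) return null;
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (m === null) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function atLeast(a: Version, b: Version): boolean {
  if (a[0] !== b[0]) return a[0] > b[0];
  if (a[1] !== b[1]) return a[1] > b[1];
  return a[2] >= b[2];
}

// The pattern the finding describes: anything that cannot be parsed is treated as
// "full", so an old or unknown host is credited with fail-closed support it may lack.
function capabilitiesFailOpen(hostVersion?: string): Capabilities {
  const parsed = parseVersion(hostVersion);
  if (parsed === null || atLeast(parsed, FAIL_CLOSED_SINCE)) {
    return { level: "full", failClosed: true };
  }
  return { level: "legacy", failClosed: false };
}

// Hardened: only a parsed version at or above the threshold earns "full";
// an unknown version means "assume the weakest host".
function capabilitiesFailClosed(hostVersion?: string): Capabilities {
  const parsed = parseVersion(hostVersion);
  if (parsed !== null && atLeast(parsed, FAIL_CLOSED_SINCE)) {
    return { level: "full", failClosed: true };
  }
  return { level: "legacy", failClosed: false };
}

type RegistrationPlan = "enforce" | "monitor-only" | "refuse";

// Never claim enforcement on a host that cannot block. If the operator requires
// enforcement and the host cannot provide it, refusing to load is the honest outcome.
function planRegistration(caps: Capabilities, requireEnforcement: boolean): RegistrationPlan {
  if (caps.failClosed) return "enforce";
  return requireEnforcement ? "refuse" : "monitor-only";
}
```

With the fail-open variant, a host that reports no version at all is planned as "enforce" even though the hook may never be able to block; with the fail-closed variant the same host is refused or run in monitor-only mode, and the operator is told which.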

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README states that tool calls are sent to an external security API and that structured logging/metrics are enabled, but it does not clearly disclose what tool-call data may leave the runtime or be retained in logs. In an agent setting, tool arguments can contain secrets, prompts, user content, or operational data, so missing disclosure and data-handling guidance can lead to unintended sensitive-data exfiltration or over-collection.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The interface explicitly allows `timeoutBehavior` to be set to `"allow"`, meaning an approval can be granted automatically after a timeout rather than requiring an explicit user action. In an approval/security-control context, fail-open timeout behavior is dangerous because missed prompts, UI issues, or deliberate delay can cause sensitive tool actions to proceed without informed user consent; the declaration also shows no guarantee of a visible warning or compensating control in this component.
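Both fail-open paths raised in these findings, the undelivered prompt that returns without a decision and `timeoutBehavior` set to `"allow"`, next to a gate that yields an explicit decision on every path. This is an added example and not the plugin's code; the `Transport` interface, the `GateOptions` shape and the constructed transports are assumptions, and the transport is synchronous only to keep the example short (a real prompt channel is asynchronous).

```typescript
// Added example: approval gate for a protected tool call, fail-open vs fail-closed.
// Transport, GateOptions and the sample transports are assumptions for illustration.

type Decision = "allow" | "deny";
type TimeoutBehavior = "allow" | "deny";

interface ApprovalRequest {
  toolName: string;
  sessionId: string;
}

// Delivery channel for the approval prompt. Returns the user's answer, "timeout"
// if nobody answered within timeoutMs, or throws if the prompt could not be delivered.
interface Transport {
  ask(req: ApprovalRequest, timeoutMs: number): Decision | "timeout";
}

interface GateOptions {
  timeoutMs: number;
  timeoutBehavior?: TimeoutBehavior;
}

// The pattern the findings describe: a delivery error is logged and the function
// returns without a decision; a timeout resolves to whatever timeoutBehavior says.
function gateFailOpen(t: Transport, req: ApprovalRequest, opts: GateOptions): Decision | undefined {
  try {
    const answer = t.ask(req, opts.timeoutMs);
    return answer === "timeout" ? opts.timeoutBehavior : answer;
  } catch (err) {
    console.error(`approval prompt for ${req.toolName} not delivered:`, err);
    return undefined; // neither allow nor deny
  }
}

// A caller that only looks for an explicit "deny" lets undefined through.
function proceeds(decision: Decision | undefined): boolean {
  return decision !== "deny";
}

// Hardened: every path returns a Decision, "deny" is the only default, and the
// one fail-open setting has to be chosen explicitly and is warned about.
function gateFailClosed(t: Transport, req: ApprovalRequest, opts: GateOptions): Decision {
  const onTimeout: TimeoutBehavior = opts.timeoutBehavior ?? "deny";
  if (onTimeout === "allow") {
    console.warn(`timeoutBehavior=allow for ${req.toolName}: unanswered prompts will be approved`);
  }
  try {
    const answer = t.ask(req, opts.timeoutMs);
    if (answer === "timeout") return onTimeout;
    return answer;
  } catch (err) {
    console.error(`approval prompt for ${req.toolName} not delivered, denying:`, err);
    return "deny";
  }
}

// Constructed transports standing in for a UI channel.
const undeliverable: Transport = {
  ask: () => {
    throw new Error("channel unavailable");
  },
};
const unanswered: Transport = { ask: () => "timeout" };
const approved: Transport = { ask: () => "allow" };

const sampleReq: ApprovalRequest = { toolName: "shell.exec", sessionId: "s-1" };
```

The point of `proceeds` is that the gap is usually not in the gate alone but in the contract between the gate and its caller: once the gate can return "no decision", any caller that tests for denial rather than for approval turns a transport error into consent.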

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The hook sends full tool arguments plus user/session identifiers to an external security API (`client.check`) without any indication here of minimization, redaction, consent, or disclosure. Because tool parameters may contain prompts, secrets, file paths, tokens, or personal data, this creates a real data-exposure risk to a remote service even though it is framed as a security control.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
This code sends potentially sensitive data including tool arguments, user_id, scene_id, and optional extra fields to a configurable remote endpoint, but there is no evidence here of consent, minimization, or restrictions on where that data may be sent. Because the endpoint is externally configurable and the code also logs and fail-opens on errors, the design increases the risk of silent data exfiltration or privacy violations if misconfigured or pointed at an untrusted service.

VirusTotal

62/62 vendors flagged this plugin as clean.
