onchain contract token analysis
Security checks across malware telemetry and agentic risk
Overview
This appears to be a coherent ClawHub/Convex maintainer skill set with disclosed high-impact workflows and no artifact-backed evidence of hidden or malicious behavior.
Install this only in an environment where you are comfortable giving an agent maintainer-level development powers: running local commands, reading diffs, using GitHub and Convex credentials, publishing PR proof artifacts, and, for staff users, performing moderation actions such as bans or role changes. Keep confirmation prompts enabled for account or moderation writes, and use the autoreview helper's no-yolo option if you do not want nested Codex review to run with full local access.
SkillSpector
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.