China Consumer Electronics Sourcing
Security checks across malware telemetry and agentic risk
Overview
The reviewed artifacts describe ClawHub and Convex developer workflows with powerful but disclosed, purpose-aligned commands and no evidence of hidden exfiltration or deception.
Install only if you want ClawHub/Convex maintainer workflows. Treat moderation, migration, proof publishing, and autoreview commands as powerful operations: confirm targets, use least-privilege credentials, review commands before writes, and consider disabling the autoreview full-access mode when you do not need it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.