Back to skill

Security audit

meeting-to-kanban

Security checks across malware telemetry and agentic risk

Overview

The artifact is a coherent set of ClawHub and Convex workflow skills with disclosed maintainer actions and no evidence of hidden exfiltration, persistence, or destructive behavior.

Install this only if you want ClawHub/Convex maintainer workflows. Be aware that moderation commands can affect users and skills, UI proof can publish PR artifacts, and autoreview may run nested review tools with broad local access unless run with its documented no-yolo option.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.