Security audit
meeting-to-kanban
Security checks across malware telemetry and agentic risk
Overview
The artifact is a coherent set of ClawHub and Convex workflow skills with disclosed maintainer actions and no evidence of hidden exfiltration, persistence, or destructive behavior.
Install this only if you want ClawHub/Convex maintainer workflows. Be aware that moderation commands can affect users and skills, UI proof can publish PR artifacts, and autoreview may run nested review tools with broad local access unless run with its documented no-yolo option.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
