Security audit
Pixel Art Prompt Builder Skill
Security checks across malware telemetry and agentic risk
Overview
The inspected materials are coherent with ClawHub development and moderation workflows, with no artifact-backed evidence of hidden data collection, deception, or malicious behavior.
Install or use this only if you trust the ClawHub maintainer workflow and are comfortable with tools that can perform authenticated registry, moderation, GitHub, Convex, and local review actions. Use the documented confirmation steps for bans, unbans, role changes, publishing, and proof publishing, and prefer least-privilege credentials for local development.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.