Skill Publisher Claw Skill
Security checks across malware telemetry and agentic risk
Overview
This is mostly a normal skill-publishing toolkit, but it needs review because its publish command can push an entire folder to GitHub after only limited secret checks.
Install only if you are comfortable with a toolkit that can modify git state and publish through your GitHub account. Run it in a dedicated clean skill directory, inspect `git status` and `git diff` before publishing, avoid `--force`, confirm the active `gh` account and repository visibility, and run a full secret scan across all file types before pushing.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.