ilang-compress
Security checks across malware telemetry and agentic risk
Overview
The artifact appears to be ClawHub development and maintenance tooling with powerful but disclosed maintainer actions and no evidence of hidden malware or deceptive behavior.
Install or use this only if you intend to work on ClawHub development or maintenance. Treat stored ClawHub/GitHub/Convex/OpenAI tokens as sensitive, prefer dry-run/confirmation paths for publishing and moderation, and use the autoreview helper's no-yolo option if you do not want nested review processes to run with full filesystem access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.