ClawHub
Back to skill

Security audit

Care

Security checks across malware telemetry and agentic risk

Overview

The skill artifacts are coherent maintenance and Convex-development helpers, with sensitive actions disclosed and bounded by user confirmation or existing CLI permissions.

Install only if you want an agent to help with ClawHub maintainer or Convex development workflows. Review the autoreview helper's full-access default and use its no-yolo option if you do not want nested review to bypass sandbox prompts. Use the moderation and publishing workflows only with the right authenticated account, explicit targets, and a clear reason.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal