Carbon Neutrality and ESG Reporting
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed ClawHub and Convex workflow skill set with powerful maintainer commands, but the high-impact actions are scoped, user-gated, and purpose-aligned.
Install this only where ClawHub maintainer and Convex development access is appropriate. Staff moderation commands can affect users, orgs, packages, reports, and email, so confirm targets and reasons before writes. The autoreview helper may run nested Codex review with full local access by default and may send generated diffs to configured reviewer CLIs; use its opt-out flags if that is not acceptable. The supplied VirusTotal and SkillSpector signals were clean.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.