Climate Intelligence
Security checks across malware telemetry and agentic risk
Overview
The artifacts look legitimate and non-malicious, but they include high-impact maintainer workflows and a review helper that defaults to running nested Codex with full sandbox bypass.
Install only if you trust the publisher and need ClawHub maintainer workflows. Before running the autoreview helper, consider using `--no-yolo` or reviewing the exact command, and be careful with moderation/GitHub commands because they can change public content or account state.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.