智慧农业
Security checks across malware telemetry and agentic risk
Overview
The skill content is mostly coherent maintainer guidance, but review is warranted because one bundled helper defaults to full-access approval-bypass execution and can route code diffs to external review tools.
Install only if you need these ClawHub/Convex maintainer workflows. Before using autoreview, consider running it with the no-yolo option and disabling fallback reviewers unless you are comfortable granting full local access and sending diffs to configured external review CLIs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.