Space Economy Monitor
Security checks across malware telemetry and agentic risk
Overview
The skill pack is mostly coherent for ClawHub and Convex maintenance, but it deserves review because its autoreview helper defaults to broad sandbox bypass and can send code diffs to fallback reviewers.
Install only if you trust this skill pack for ClawHub maintainer work. For sensitive repositories, disable the autoreview full-access default with --no-yolo or AUTOREVIEW_YOLO=0, and consider --fallback-reviewer none if code diffs should not be sent to other reviewer CLIs. Use the moderation and deploy workflows only with explicit targets, reasons, and confirmation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.