ClawHub
Back to skill

Security audit

法律合同风险审查系统

Security checks across malware telemetry and agentic risk

Overview

The visible skill artifacts are coherent maintainer and developer workflows with disclosed powerful commands and no hidden data theft, persistence, or destructive automation found.

Install only if you intend to use ClawHub maintainer or Convex development workflows and trust the workspace. Be especially careful with moderation, PR publishing, and autoreview commands because they can use local credentials and make external changes when you authorize them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal