Signature Extractor
Security checks across malware telemetry and agentic risk
Overview
The skill artifacts are coherent for ClawHub and Convex maintenance, but they include powerful maintainer commands that users should invoke deliberately.
Install only if you need these ClawHub/Convex maintainer workflows and trust the publisher with repo and service access. Be especially careful with moderation commands and the autoreview helper's full-access default; use confirmation prompts, verify targets, and consider --no-yolo for review runs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.