Swppp Drafter
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is mostly coherent for ClawHub and Convex work, but its review helper defaults to giving a nested agent full local authority, so it needs human review before installation.
Install only for trusted ClawHub maintainers or Convex developers who understand the connected services. Prefer running autoreview with `--no-yolo` or `AUTOREVIEW_YOLO=0` unless full local authority is explicitly needed, and be aware that moderation, PR publishing, Crabbox, and fallback review commands can affect remote systems or share code diffs with configured tools.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.