Security audit
Skill Vetter
Security checks across malware telemetry and agentic risk
Overview
This skill is mostly a security-vetting checklist, but it claims automatic install-blocking and scanner integration that are not actually included in the package.
Review this as advisory documentation unless the missing scanner and ClawHub integration code are supplied and audited. Do not enable automatic install-blocking or cleanup hooks without explicit opt-in, logs, and rollback instructions, and treat any ClawHub token file as a sensitive credential.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
