Security audit
Gmail Lead Desk
Security checks across malware telemetry and agentic risk
Overview
The package is a coherent ClawHub CLI and repo-skill toolkit whose sensitive actions are disclosed, user-directed, and scoped to its stated registry, publishing, review, and moderation purposes.
Before installing, be aware this is a powerful registry CLI: logging in stores a ClawHub token locally, install/update writes skill files into your chosen workdir, and authenticated publish/moderation/delete operations can change registry state. Use it only with a trusted ClawHub account and review commands before running staff or destructive operations.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
