Claw Mechanic
Security checks across malware telemetry and agentic risk
Overview
The artifacts describe ClawHub developer and moderator tooling with sensitive powers, but those powers are disclosed, purpose-aligned, and generally gated by explicit commands, tokens, RBAC, or confirmations.
Install or use this only if you trust the ClawHub repository and intend to run ClawHub maintainer tooling. Use isolated config paths for moderator testing, protect ClawHub/GitHub/Convex tokens, and consider running the autoreview helper with its no-yolo option when reviewing untrusted diffs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
