Security audit
Google Tasks
Security checks across malware telemetry and agentic risk
Overview
The skill bundle exposes operational tools for reviews, observability, incident response, dashboards, releases, and moderation, and the sensitive capabilities are disclosed and generally gated by user direction or confirmations.
Install only if you intend the agent to use your configured service credentials for observability, Slack, Sentry, Convex, ClawHub admin, or release workflows. Prefer scoped API tokens, review destructive or posting commands before approving them, and avoid putting secrets into the skill memory or shared org repositories.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
