Google Search Console
Security checks across malware telemetry and agentic risk
Overview
The reviewed skill bundle appears to provide disclosed ClawHub and Convex development workflows, with powerful commands that users should run deliberately.
Install only if you expect this agent to operate on ClawHub or Convex projects. Review commands before approving them, especially moderation actions, production Convex deploys or migrations, GitHub publishing, and the autoreview helper's full-access nested review mode.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.