BaoStock
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is mostly coherent, but it needs review because its autoreview helper defaults to running a nested reviewer with full sandbox bypass and can send code diffs to fallback reviewer tools.
Install only if you trust this publisher and need ClawHub maintainer or Convex development automation. Before using the autoreview helper, prefer `--no-yolo` or `AUTOREVIEW_YOLO=0`, understand which fallback reviewer CLIs are available, and avoid running moderation, migration, publishing, or auth setup workflows unless you have the intended credentials and have confirmed the exact target and command.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.