picoclaw-self-pen-testing
Security checks across malware telemetry and agentic risk
Overview
The available artifact evidence and scanners show no malicious behavior; the skill content is primarily disclosed developer workflow guidance with some high-authority maintenance commands called out explicitly.
Install only if you expect ClawHub/Convex maintainer workflows. Review the moderation and autoreview skills before use because they can guide agents toward admin actions or full-access review tooling, but the artifacts disclose those capabilities and include user-control safeguards.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.