Security audit
Power-Law Distribution
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is coherent and purpose-aligned, with high-impact admin and review workflows clearly disclosed and guarded by confirmation steps.
Install only if you want these repo-maintenance capabilities. Pay special attention before using the ClawHub moderation, content-rights email, production migration, and autoreview workflows because they may use authenticated services or affect production data, but the skill text requires explicit user-controlled gates for those actions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
57/57 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
