Polymarket 48h Weather Distribution Trader
Security checks across malware telemetry and agentic risk
Overview
The artifacts do not look malicious, but they bundle broad ClawHub maintainer skills with high-impact moderation, GitHub, Convex, and full-access review workflows that deserve human review before installation.
Install only if you are a ClawHub maintainer or intentionally need these repo-local maintenance workflows. Before running autoreview, consider using --no-yolo and disabling automatic fallback reviewers if repository diffs should not leave the environment. Do not run moderation commands with admin tokens unless the target, reason, and public impact are clear.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.