Security audit
Cn Line Counter
Security checks across malware telemetry and agentic risk
Overview
The artifacts look like legitimate ClawHub developer workflow skills, but they include a review helper that launches nested agents with full access by default, so users should review the scope before installing.
Install only if you trust the publisher and intend to use these as ClawHub maintainer tools. Before running the autoreview helper, prefer the documented --no-yolo or AUTOREVIEW_YOLO=0 option unless full local access is truly needed, and use the moderation and proof-publishing commands only with explicit targets, reasons, and confirmation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
