Back to skill

Security audit

Cn Line Counter

Security checks across malware telemetry and agentic risk

Overview

The artifacts look like legitimate ClawHub developer workflow skills, but they include a review helper that launches nested agents with full access by default, so users should review the scope before installing.

Install only if you trust the publisher and intend to use these as ClawHub maintainer tools. Before running the autoreview helper, prefer the documented --no-yolo or AUTOREVIEW_YOLO=0 option unless full local access is truly needed, and use the moderation and proof-publishing commands only with explicit targets, reasons, and confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.