ClawHub

TinkerClaw Fork and Skill Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a read-only GitHub and ClawHub discovery skill with disclosed automation, and the scanner’s self-modification concern is not supported by the artifacts.

Install only if you want an automated public-repository and skill-discovery workflow. Review any cron setup, sub-agent fan-out, and WhatsApp/report destination before enabling recurring runs, but there is no evidence here of hidden credential use, file mutation, exfiltration, or destructive behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Self-Modification

High
Category
Rogue Agent
Content
## Continuous Improvement
- Integrate learnings into day-to-day operations.
- Continually update skill interests, reflecting evolving needs.

For more information and advanced configurations, please refer to the META or detailed execution recipes in the skill package.
Confidence
85% confidence
Finding
update skill

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal