AI资产知识产权保护(体验版)
Security checks across malware telemetry and agentic risk
Overview
This looks like a legitimate ClawHub maintainer skill set, but it deserves review because it includes staff-level actions and a review helper that gives a nested Codex run full local access by default.
Install this only in a ClawHub maintainer environment where you trust the repo-local workflow. Before using `autoreview`, consider setting `AUTOREVIEW_YOLO=0` or passing `--no-yolo` unless full local access is acceptable. Be especially careful when authenticated to GitHub, ClawHub moderation, Convex, Clerk, Auth0, or WorkOS, because the skill can guide real account, deployment, and moderation changes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.