创业项目评估器

Security checks across malware telemetry and agentic risk

Overview

The inspected skills are coherent ClawHub/Convex workflow helpers with disclosed, task-aligned authority and no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable with a skill that can guide real development and staff operations. Review commands before running them, use the autoreview helper's no-yolo option if full-access nested review is not acceptable, and reserve moderation, migration, proof publishing, and GitHub actions for accounts and repositories where you intentionally have that authority.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The skill is written to operate entirely in Chinese and includes fixed Chinese-language prompts and outputs without offering a language preference check or fallback. This can exclude or confuse users who do not read Chinese, increasing the risk of misunderstanding important business guidance or follow-up contact details, though it does not create direct code execution or data exfiltration risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal