ClawHub
Back to skill

Security audit

Browser Shopping Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill bundle is purpose-built for ClawHub/Convex development and staff operations, with high-impact commands disclosed and guarded by user confirmation or dry-run steps.

Install this only in a ClawHub staff or maintainer context where the operator understands the admin CLI, GitHub, Convex, and external AI review tools involved. Review commands before approving writes, especially bans, package transfers, outbound emails, and production migrations, and ensure the selected account has only the intended permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.