Codebase Radar
Security checks across malware telemetry and agentic risk
Overview
The skill set appears legitimate and purpose-aligned, but it needs review because its autoreview helper bypasses sandbox and approval protections by default.
Review before installing. The ClawHub moderation and migration workflows are clearly documented and guarded, but only use this skill set in trusted repositories and prefer disabling the autoreview full-access default unless you explicitly want nested review to run without sandbox or approval prompts.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.