RocketReach

The skill bundle appears legitimate for ClawHub and Convex maintenance, but it includes privileged moderation workflows and a review helper that defaults to running nested Codex with full sandbox bypass.

Review before installing in any sensitive workspace. Use it only if you are a ClawHub/Convex maintainer or intentionally want these workflows, set `AUTOREVIEW_YOLO=0` or use `--no-yolo` for safer review runs, and avoid fallback reviewers when private code should not be shared outside the local environment.