Back to skill

Security audit

Motion

Security checks across malware telemetry and agentic risk

Overview

The skills mostly match ClawHub and Convex maintenance workflows, but the bundled autoreview helper defaults to running a nested Codex review with full access while bypassing approvals.

Install only if you trust this publisher and are comfortable with high-impact ClawHub/Convex maintenance workflows. Before using autoreview, prefer running it with --no-yolo or AUTOREVIEW_YOLO=0 unless you intentionally want a nested review process with unrestricted local authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.