Research Report Skill
Security checks across malware telemetry and agentic risk
Overview
The skill content is mostly coherent maintainer tooling, but a review helper defaults to running nested Codex with full-access privileges, so users should review it before installing.
Install only if you trust this as ClawHub maintainer tooling. Prefer running autoreview with normal sandboxing, review any fallback AI reviewer data sharing, and use the moderation commands only with explicit targets and reasons.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.