ClawHub
Back to skill

Security audit

Implementing Architecture

Security checks across malware telemetry and agentic risk

Overview

The reviewed skill artifacts appear coherent and purpose-aligned, with no evidence of hidden exfiltration, destructive behavior, or deceptive instructions.

Install only if you want these ClawHub and Convex workflow capabilities. Review the moderation and autoreview helpers before use because they can run privileged local commands or perform staff-level actions when invoked with appropriate credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal