codebase-auditor
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is a disclosed ClawHub maintainer/developer toolkit; it has powerful actions, but they match the stated purpose and require user-directed use.
Install only if you intend to use ClawHub maintainer/developer workflows. Before running moderation, PR publishing, remote validation, or autoreview commands, confirm the target repo/account and whether your current credentials point at production; use the documented opt-outs for full-access review mode when you do not need it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.