Workload Scheduler
Security checks across malware telemetry and agentic risk
Overview
The artifact appears to be a coherent set of ClawHub and Convex helper skills with disclosed commands and no evidence of hidden theft, persistence, or destructive behavior.
Install only if you want agent help with ClawHub/Convex development and maintenance workflows. Before using the moderation, proof publishing, migration, or autoreview helper paths, review the exact command because they can modify services, publish PR artifacts, run local project code, or send diffs to configured reviewer CLIs; use the autoreview --no-yolo option if you do not want the nested review to bypass sandbox approvals.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.