GitHub Actions
Security checks across malware telemetry and agentic risk
Overview
The skills are coherent development and maintainer workflows, with sensitive actions disclosed and mostly gated by user direction.
Install only if you want ClawHub/Convex maintainer automation. Review the moderation and autoreview workflows before use: moderation commands can affect users and public content, and autoreview may share diffs with configured reviewer tools or run nested review with broad local authority unless configured otherwise.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.