Baoyu Infographic
Security checks across malware telemetry and agentic risk
Overview
The artifacts mostly match a ClawHub developer and moderation workflow, but they include high-impact commands that can run with full local access or change platform state, so users should review them carefully before installing.
Install only in a trusted ClawHub development environment. Before using the review helper, consider disabling its full-access mode with its documented no-yolo option; before using moderation or publishing workflows, confirm the exact target, command, account, and token scope.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.