Security audit
Git Commit Analyzer / Git提交语义分析器
Security checks across malware telemetry and agentic risk
Overview
The inspected skills are coherent operational guidance for code review, Convex work, ClawHub moderation, and documentation, with sensitive actions disclosed and gated by user confirmation.
Install only if you expect the agent to help with ClawHub/Convex operations and code review. Pay special attention before using the moderation, email, production migration, or proof-publishing workflows, because they can affect real users or production data and should be run only with the required approvals and credentials.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
