meta-ads
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is mostly coherent for ClawHub/Convex maintenance, but it includes a review helper that runs nested agents with full unsandboxed access by default and can send diffs to external reviewers.
Install only in trusted ClawHub maintenance environments. For routine code review, prefer running autoreview with `--no-yolo` or `AUTOREVIEW_YOLO=0`, and disable fallback reviewers for sensitive private diffs. Use moderation commands only with the intended staff account and verify the exact target, reason, and effect before proceeding.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.