Security audit
Mortgage Rate Monitor
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is mostly coherent, but it includes repo-review and moderation workflows with broad authority, especially a helper that defaults to running a nested Codex review with full filesystem access and bypassed approvals.
Review this before installing if you do not want skills that can use existing local credentials to comment on PRs, publish UI proof artifacts, or perform ClawHub moderation actions. For autoreview, prefer running the helper with `--no-yolo` or setting `AUTOREVIEW_YOLO=0` unless you explicitly want nested review to bypass approvals and sandboxing.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
