Vx Best Practices

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only vx guide; it is coherent, but users should review its migration delete commands before running them.

Reasonable to install as a reference guide. Before following the migration cleanup steps, verify vx is working and prefer renaming or backing up ~/.nvm or ~/.pyenv instead of immediately deleting them; do not let an agent run those rm -rf commands without explicit review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The migration guide includes destructive commands (`rm -rf ~/.nvm` and `rm -rf ~/.pyenv`) without any warning, confirmation step, backup guidance, or explanation of data loss implications. In an agent-consumable skill, this is risky because an automated system may reproduce the commands verbatim and remove user state or tooling unexpectedly.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
vx add node@$(cat .nvmrc | tr -d 'v')

# 4. Remove nvm
rm -rf ~/.nvm
```

### From pyenv → vx
Confidence
91% confidence
Finding
rm -rf ~/.nvm ``` ### From pyenv → vx ```bash # 1. Check current Python version python --version # 2. Create vx.toml vx init # 3. Add uv (recommended Python manager) vx add uv # 4. Remove pyenv r

Tool Parameter Abuse

High
Category
Tool Misuse
Content
vx add node@$(cat .nvmrc | tr -d 'v')

# 4. Remove nvm
rm -rf ~/.nvm
```

### From pyenv → vx
Confidence
91% confidence
Finding
rm -rf ~/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
vx add uv

# 4. Remove pyenv
rm -rf ~/.pyenv
```

## Provider Development Best Practices
Confidence
91% confidence
Finding
rm -rf ~/

VirusTotal

65/65 vendors flagged this skill as clean.
