Vx Project
Security checks across malware telemetry and agentic risk
Overview
The artifacts appear to be disclosed ClawHub maintainer and development tooling, with no evidence of hidden malware or deceptive behavior.
Install only if you are working on ClawHub maintenance or development and understand that some skills can guide staff moderation, PR comments, token-authenticated CLI actions, local service startup, and full-access review helpers. Keep credentials scoped, review commands before running them, and use the documented confirmation and dry-run paths for write actions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.