Deep Current
Security checks across malware telemetry and agentic risk
Overview
The skill set is coherent for ClawHub maintainer and Convex work, but one review helper defaults to unsandboxed nested agent execution and automatic fallback reviewers, which deserves manual review before install.
Review the autoreview skill before installing, especially its default full-access nested Codex mode and fallback reviewer behavior. Use its no-yolo option or disable automatic fallback reviewers if you do not want repo diffs or local context reviewed outside the normal sandbox. For moderation skills, install only for users who should be able to run ClawHub staff actions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.