ClawHub
Back to skill

Security audit

maimai-cli

Security checks across malware telemetry and agentic risk

Overview

The inspected skill artifacts are purpose-aligned workflow helpers with disclosed commands and user-control guardrails, though some operations can affect repos, PRs, moderation state, or local tooling.

Install only if you want these ClawHub/Convex workflow helpers to guide real repo, PR, package, Convex, and moderation operations. Review commands before approving them, use the moderation skill only with the intended staff account, and consider the autoreview helper's no-yolo option if you do not want nested review to run with full filesystem/network authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.