2Checkout
Security checks across malware telemetry and agentic risk
Overview
The inspected skill artifacts are coherent ClawHub and Convex workflow helpers with disclosed commands and safety checks, though several workflows are powerful and should be used only by trusted operators.
Use these skills only in trusted ClawHub or Convex workspaces. Before running moderation, PR publishing, deployment, auth setup, or migration commands, confirm the target and expected effect. For autoreview, be aware that diffs may be sent to configured reviewer tools and the helper defaults to full-access Codex review; use the documented no-yolo option when you want tighter sandboxing.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.