trend-analyst
Security checks across malware telemetry and agentic risk
Overview
The artifact appears to be a coherent set of development workflow instructions with no evidence of hidden exfiltration, destructive automation, or undisclosed persistence.
Install only if you want these ClawHub/Convex workflow helpers. Review commands before running workflows that publish proof, moderate users or skills, deploy Convex code, or invoke external review tools, because those actions can affect repositories, services, or accounts.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.