Security audit
09 Parent Guide
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is coherent and purpose-aligned, but it includes powerful maintainer and review workflows that should be used deliberately.
Install only if you want these ClawHub maintainer and Convex development workflows. Pay special attention before using moderation commands, PR publishing/commenting, production Convex migration commands, or the autoreview helper; use the documented no-yolo option for review runs when you do not want full-access nested Codex execution.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
