Back to skill

Security audit

09 Parent Guide

Security checks across malware telemetry and agentic risk

Overview

The skill bundle is coherent and purpose-aligned, but it includes powerful maintainer and review workflows that should be used deliberately.

Install only if you want these ClawHub maintainer and Convex development workflows. Pay special attention before using moderation commands, PR publishing/commenting, production Convex migration commands, or the autoreview helper; use the documented no-yolo option for review runs when you do not want full-access nested Codex execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.