Mentions Check
Security checks across malware telemetry and agentic risk
Overview
The artifacts are mostly coherent ClawHub and Convex maintainer skills with disclosed local tooling and staff-action workflows, but users should understand the powerful commands before using them.
Install or use these skills only in a trusted ClawHub maintainer/developer environment. Expect them to run local development tools, contact GitHub or Convex when asked, and in the moderation workflow change real ClawHub account or skill state. Review commands before approving staff actions, and use the autoreview no-yolo option if you do not want nested review to run with full local access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.