Clawqueue Skill V6
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only skill for a GitHub-backed local task queue, with expected GitHub and local state side effects disclosed well enough for a benign verdict.
Install only if you intend to let ClawQueue read GitHub issues and project boards, write local reports/logs/state, and potentially update boards, commit results, or close issues. Use restricted GitHub tokens and profiles limited to repositories where automated queue processing is acceptable.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.