Servicegraph
Security checks across malware telemetry and agentic risk
Overview
The artifact appears to be a coherent set of ClawHub/Convex agent skills with disclosed maintenance, review, UI proof, and moderation workflows rather than hidden or malicious behavior.
Install only if you trust the ClawHub maintenance context. Review the autoreview helper before use because it defaults nested Codex review to full-access sandbox bypass, and use moderation, proof publishing, deploy, or migration commands only with the intended repository, credentials, target, and confirmation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.