Hunter
Security checks across malware telemetry and agentic risk
Overview
The inspected skill bundle appears to be a coherent ClawHub and Convex maintenance toolkit with disclosed high-impact actions rather than hidden or deceptive behavior.
Install only if you trust the ClawHub maintenance context and intend to let an agent run repository, GitHub, Convex, UI proof, or moderation workflows. Review the autoreview helper before use because it defaults nested Codex review to full-access mode, and use moderation or publishing commands only with the intended target, credentials, and confirmation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.