OpenAI
Security checks across malware telemetry and agentic risk
Overview
The inspected skill content is coherent with ClawHub and Convex developer workflows and shows no hidden exfiltration, deception, or unsafe automatic behavior.
This appears reasonable to install for ClawHub or Convex maintainer work. Before using the higher-impact workflows, confirm you trust the publisher with GitHub, ClawHub moderator, and Convex project access, and review commands before allowing bans, role changes, PR comments, proof publishing, migrations, or full-access nested review runs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.