Userflow
Security checks across malware telemetry and agentic risk
Overview
The reviewed artifacts and clean scanner telemetry do not show hidden or malicious behavior; the sensitive capabilities are disclosed and tied to ClawHub/Convex workflows.
This appears acceptable to install for ClawHub/Convex maintainers, but users should understand that some workflows can make real moderation changes or run broad local review tooling. Use only with the intended repo/account, review commands before approving writes, and use the documented opt-outs for full-access review mode when stronger containment is desired.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.