Security audit
Product Description Generator
Security checks across malware telemetry and agentic risk
Overview
The skill artifacts are coherent maintainer and Convex workflow guidance, with sensitive actions disclosed and generally gated by user direction.
Install only in a maintainer or developer environment where you expect the agent to run repo, GitHub, Convex, and ClawHub CLI commands. Review sensitive commands before approval, especially moderation actions, PR publishing, package installs, auth setup, and the autoreview helper's default full-access nested review mode.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.