Security audit
Yoast SEO Playbook
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is mostly purpose-aligned, but its autoreview helper defaults to full-access sandbox bypass and can pass code diffs to fallback reviewer CLIs, so users should review it before installing.
Install only if you trust this publisher and understand the ClawHub maintainer workflows. Before using `autoreview`, consider running it with `--no-yolo` or `AUTOREVIEW_YOLO=0`, and disable fallback reviewers if you do not want diffs sent through other local AI CLIs. Use moderation, publishing, and deployment commands only with explicit targets and the right account permissions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
