Btc Contract Scanner
Security checks across malware telemetry and agentic risk
Overview
The skill artifacts are mostly coherent ClawHub and Convex helpers, but one review helper defaults to launching a nested agent with full local access, so users should review it before installing.
Install only if you trust the publisher and need these ClawHub/Convex maintainer workflows. Before using autoreview, consider setting AUTOREVIEW_YOLO=0 or passing --no-yolo so nested review does not run with full local access by default. For moderation, migration, publishing, and auth setup workflows, confirm each target, environment, and credential context before allowing writes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.