World Cup Copytrader
Security checks across malware telemetry and agentic risk
Overview
The artifact is a disclosed ClawHub/Convex maintainer skill bundle with powerful but purpose-aligned admin and review workflows, not hidden malware.
Install only if you expect ClawHub maintainer or Convex project assistance. Treat it as a trusted-operator skill: do not run the autoreview helper on private diffs unless you are comfortable with configured reviewer tools seeing them, and do not use the moderation workflows unless the agent has the right ClawHub admin authority and an explicit user-approved target.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.