Clawhub Publishing Workflow

Security checks across malware telemetry and agentic risk

Overview

This ClawHub publishing checklist is mostly coherent, but it includes explicit stealth browser and residential proxy guidance for getting around bot checks.

Install only if you need the ClawHub publishing checklist and are comfortable using the ClawHub CLI with an API token. Prefer the documented token login path, verify the CLI package source before global installation, keep tokens secret, and do not follow the Camo Fox, stealth browser, or residential proxy advice unless you have explicit authorization and understand the policy and privacy implications.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill recommends enabling residential proxies and stealth-related BrowserBase settings without any warning about privacy, policy, or network-trust implications. This can normalize routing traffic through third-party infrastructure and disguising automation in ways that may expose user data, violate platform terms, or bypass organizational controls.

Ssd 2

Medium

Confidence: 93% confidence
Finding: The skill includes anti-bot evasion guidance for getting past browser verification, including stealth features and residential proxies. Even if framed as troubleshooting, this materially assists bypassing access controls and bot-detection mechanisms, which can enable unauthorized automation, policy evasion, and abuse of third-party services.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal