Codex Owner Move E2E
Security checks across malware telemetry and agentic risk
Overview
This documentation-only skill is not malware, but it tells an agent to perform maintainer-level ClawHub publishing, ownership migration, and deletion actions that ordinary users should not run.
Install or invoke this only if you are a ClawHub maintainer intentionally validating owner migration. Use a dedicated throwaway skill, verify the exact target before every mutation, and manually confirm publishing, ownership transfer, and deletion steps. Ordinary users should avoid installing it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.