Openclaw Fullstack App

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Convex setup guide that writes project files and runs normal npm/Convex setup commands, with the main caveat that users should choose an empty target directory.

Install this if you want an agent to help set up Convex. Expect it to create or modify project files, run npm package installation commands, and ask you to run Convex dev/login steps yourself. Use a new or empty directory for scaffolding unless you intentionally want to add Convex to an existing app, and review generated .env.local and deployment settings before deploying to production.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: This markdown file describes that the skill generates a complete application structure, including multiple directories, but it does not explicitly warn users that executing the command will write many files to the filesystem. For markdown files, user-facing descriptions should disclose behaviors that may affect user data or system state.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal