Cuihua Config Validator
Security checks across malware telemetry and agentic risk
Overview
This config-validation skill is coherent and locally scoped, but users should be careful when asking it to inspect secret-bearing config files such as .env files.
This skill appears safe for ordinary config validation. Before installing or using it, remember that .env files, package configs, and deployment configs can contain secrets, tokens, or internal system details, so provide only files you are comfortable having the agent review.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you ask the skill to check a .env file or secret-filled config, those secrets may be visible to the agent during the review.
The skill is explicitly intended to inspect .env/config content that may contain secrets. This is purpose-aligned for validation and no storage or exfiltration is shown, but users should recognize that secret-bearing files may enter the agent/model context.
> "Check .env file" ... "Security risks (hardcoded secrets)"
Only provide files you intend the agent to inspect, and redact production secrets unless checking them is necessary.