ClawHub

Vvvv Custom Nodes

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only coding aid for vvvv custom nodes, with no install scripts or credentials requested; review generated code before running nodes that access files, services, or network ports.

This skill appears safe as an instruction-only vvvv C# coding reference. Before running generated code, especially nodes involving file paths, WebSocket servers, Redis/service access, GPU/native resources, or host services, review the code and defaults to make sure they match what you intended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI02: Tool Misuse and Exploitation
Low
What this means

If you ask the agent to create nodes like these and then run them in vvvv, they may read local files or open a network listener.

Why it was flagged

The skill documents example node code that can read a user-provided file path or start a WebSocket server. This is purpose-aligned for custom node development and is not executed by the skill itself, but generated code with these patterns can affect the local environment.

Skill content
Loads a configuration file... LoadConfig(path); ... _server = new WebSocketServer(port); _server.Start();
Recommendation

Review generated node code before running it, keep network/file behavior explicit, and prefer disabled-by-default server nodes unless you intentionally want a listener.

#
ASI03: Identity and Privilege Abuse
Info
What this means

Generated nodes may interact with vvvv application services, logging, frame timing, or rendering resources.

Why it was flagged

The skill teaches generated nodes to access vvvv host services and Stride game resources through NodeContext. This is central to the stated purpose, but it means generated nodes may run with the host application's available privileges.

Skill content
_service = nodeContext.AppHost.Services.GetRequiredService<MyService>(); ... _gameHandle = nodeContext.AppHost.Services.GetGameHandle();
Recommendation

Only grant or use host services needed for the node, dispose resource handles, and inspect service access in generated code.