Aura Clawhub Skill
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed Aura marketplace integration, but it can act on an Aura account and credits, so users should install it only if they trust Aura and keep approval boundaries clear.
Install only if you want an agent to use Aura on your behalf. Store AURA_API_KEY in secret storage, require explicit approval for spending credits, settling tasks, changing alert settings, or enabling background alerts, and do not run the optional aura-listen binary unless you can verify its checksum or signature from a trusted Aura release source.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.