Tokenburg
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is mostly coherent, but it needs review because one helper defaults to running a powerful nested review command with sandbox and approval protections bypassed.
Install only if you trust these ClawHub maintenance workflows and understand the local authority they grant. For normal review use, consider running autoreview with --no-yolo and --fallback-reviewer none unless you intentionally want full-access nested review or external second-opinion review. Use the moderation and publish commands only from a trusted repo with the expected ClawHub credentials.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.