Angular Frontend
Security checks across malware telemetry and agentic risk
Overview
The skills mostly match ClawHub and Convex development workflows, but one review helper defaults to running a nested Codex process with full filesystem access and approval bypass.
Review before installing if you do not want a skill that can invoke nested agents with full local access. For the autoreview helper, use --no-yolo or set AUTOREVIEW_YOLO=0 unless you explicitly trust the nested reviewer. Only use the ClawHub moderation skill from an authorized staff environment, and check each command before confirming writes or emails.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
38/38 vendors flagged this skill as clean.