Security audit
SIFS Search: Fast hybrid code search for agents
Security checks across malware telemetry and agentic risk
Overview
The inspected skills are coherent developer and ClawHub operations helpers, with sensitive actions mostly disclosed and guarded by user-directed workflows.
Install only in a trusted ClawHub or Convex development environment. Be especially careful with the moderation and PR-maintainer skills because they can make persistent account, content, and GitHub changes when invoked; use dry-runs, confirmations, and the autoreview no-yolo option when broader local access is not appropriate.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
