专业财务分析助手
Security checks across malware telemetry and agentic risk
Overview
The reviewed skills mostly match their stated ClawHub and Convex workflows, but the autoreview helper defaults to bypassing sandbox and approval protections and may route diffs to fallback reviewer tools.
Review the autoreview helper before installing or using this skill bundle. Use the --no-yolo option if you do not want nested Codex review to bypass sandbox and approval protections, and disable or pin fallback reviewers if repository diffs should not be sent to other local AI CLI tools. The moderation and PR-proof workflows should only be used by staff or maintainers with the intended ClawHub/GitHub authority.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.