Context Driven Development

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation workflow that reads a project to create local context files, with no hidden network use, credential handling, or unsafe automation found.

Safe to install for projects where you are comfortable with the agent reading repository files and creating local context markdown. Review the generated context files before relying on them, because they can shape future AI-assisted work. Prefer the ClawHub install command over the README's moving GitHub branch command unless you inspect or pin that source.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context Leakage

High

Category: Data Exfiltration
Content: ## Setup: Existing Project (Brownfield) For existing codebases, extract context from what exists: 1. **Analyze the codebase:** - Read package.json, requirements.txt, go.mod, etc.
Confidence: 75% confidence
Finding: extract context

Session Persistence

Medium

Category: Rogue Agent
Content: From your project root: ```bash mkdir -p .cursor/skills cp -r ~/.ai-skills/skills/meta/context-driven-development .cursor/skills/context-driven-development ```
Confidence: 60% confidence
Finding: mkdir -p .cursor/skills cp -r ~/.ai-skills/skills/meta/context-driven-development .cursor/skills/context-driven-development ``` #### Cursor (global) ```bash mkdir -p ~/.cursor/skills cp -r ~/.ai-ski

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal