ClawHub
Back to skill

Security audit

modora

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed remote PDF-analysis helper that uploads user-selected PDFs and questions to a configured MoDora service.

Install only if you trust the MoDora server you configure, especially the default remote endpoint. Use a dedicated, revocable API key, avoid uploading confidential or regulated PDFs unless that endpoint is approved for that data, and keep secrets in environment variables rather than settings files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal