Security audit

Spec Coder

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only spec-first coding workflow whose project file changes and review auto-approval behavior are disclosed and aligned with its purpose.

Install this if you want an assistant to manage a structured spec-first coding process in your project. Keep the repo under version control, review generated specs and code diffs, avoid putting secrets in spec/status files, and do not enable broad auto-approval preferences if you want explicit confirmation at every gate.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
| **Medium** | Standard | 2–3 roles per gate. |
| **Large** | Full | All listed roles per gate. |

### Auto-Approve Rule

If the review finds **zero Critical and zero Major** issues, present a summary and auto-approve:
Confidence: 91%
Finding: Auto-Approve

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
### Auto-Approve Rule

If the review finds **zero Critical and zero Major** issues, present a summary and auto-approve:

> "Expert review complete — no Critical or Major issues found. [N Minor suggestions listed below.] Proceeding to next phase. Reply 'hold' to pause and address Minor items first."
Confidence: 95%
Finding: auto-approve

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
- `"Skip UX reviews"` — UX/UI Designer role is omitted from Gate 2.
- `"Focus on security"` — Security Expert role is always included, even on Small track.
- `"Auto-approve all gates"` — all gates auto-approve regardless of severity (user takes full responsibility).
- `"Only flag Critical"` — Major and Minor issues are listed but don't require user response.

If no preferences are set, use the default behavior (track-based depth, standard severity rules).
Confidence: 97%
Finding: Auto-approve

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
- `"Skip UX reviews"` — UX/UI Designer role is omitted from Gate 2.
- `"Focus on security"` — Security Expert role is always included, even on Small track.
- `"Auto-approve all gates"` — all gates auto-approve regardless of severity (user takes full responsibility).
- `"Only flag Critical"` — Major and Minor issues are listed but don't require user response.

If no preferences are set, use the default behavior (track-based depth, standard severity rules).
Confidence: 97%
Finding: auto-approve

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.