Back to skill

Security audit

expense-note

Security checks across malware telemetry and agentic risk

Overview

The inspected skills are coherent ClawHub and Convex workflow helpers, with sensitive actions disclosed and guarded rather than hidden.

Install only if you want ClawHub/Convex development and moderation assistance. Be especially careful with the moderation skill and the autoreview helper's default full-access nested Codex review; use the documented confirmation steps and opt out with --no-yolo when you do not want that level of local authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.