Security audit
expense-note
Security checks across malware telemetry and agentic risk
Overview
The inspected skills are coherent ClawHub and Convex workflow helpers, with sensitive actions disclosed and guarded rather than hidden.
Install only if you want ClawHub/Convex development and moderation assistance. Be especially careful with the moderation skill and the autoreview helper's default full-access nested Codex review; use the documented confirmation steps and opt out with --no-yolo when you do not want that level of local authority.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
