Academic Literature Review Assistant
Security checks across malware telemetry and agentic risk
Overview
The inspected artifacts appear to be disclosed development and maintainer workflow guidance with no evidence of malware, hidden exfiltration, or automatic destructive behavior.
Install only if you expect ClawHub/Convex development or maintainer workflows. Some commands can affect repositories, GitHub PRs, or ClawHub moderation state, so use them from a trusted checkout with the appropriate account and review confirmations before writes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.