Security audit
extract-json
Security checks across malware telemetry and agentic risk
Overview
The artifact contains operational skills with powerful admin, deployment, and observability workflows, but the risky actions are disclosed, scoped, and generally require user direction or confirmation.
Install only in environments where the operator is allowed to perform ClawHub staff actions and query production observability systems. Review the Axiom SRE memory behavior before use, keep API tokens scoped, and require explicit confirmation before running moderation, email, deployment, release, or shared-memory commands.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
