GitHub CLI
Security checks across malware telemetry and agentic risk
Overview
The skill artifacts are coherent operational guidance for ClawHub and Convex workflows, with sensitive actions disclosed and gated by user direction or existing auth checks.
This skill set is appropriate for trusted ClawHub maintainers or developers. Before installing, be aware that some workflows can perform real moderation, GitHub, Convex, or local command actions using your existing credentials; use the confirmation steps, review exact commands before writes, and use the autoreview no-yolo option if you do not want nested review to run with full local access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.