ClawHub

Cis Rhel Openeuler Coverage

Security checks across malware telemetry and agentic risk

Overview

This skill is a document-analysis helper that reads user-provided CIS/OpenEuler files and writes local reports, with no evidence of hidden network use, persistence, credential access, or system modification.

Install only if you need CIS RHEL-to-OpenEuler baseline coverage analysis. Provide only the intended PDF/Markdown paths, and direct outputs to a working report directory because the scripts create JSON, CSV, and summary files locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to read user-supplied files, generate intermediate JSON outputs, and write CSV reports, but it does not declare any permissions. This mismatch weakens enforcement and review because the platform and users cannot clearly see that the skill performs file reads and writes, increasing the risk of unintended filesystem access if the skill is invoked on sensitive paths.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrase '规则覆盖检查' is generic and ambiguous, so the skill may be selected for many unrelated rule-checking tasks. Because this skill is designed to parse files and produce outputs, misrouting ordinary requests into it can lead to unnecessary file access, incorrect automation, and execution of the wrong workflow on user-supplied content.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrase '规则覆盖检查' is generic and ambiguous, so the skill may be selected for many unrelated rule-checking tasks. Because this skill is designed to parse files and produce outputs, misrouting ordinary requests into it can lead to unnecessary file access, incorrect automation, and execution of the wrong workflow on user-supplied content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal