HAP Upgrade Guide

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is mostly an upgrade-document generator, but it needs review because it can silently create files and publishes production-impacting commands, including remote script execution and weak default credential examples.

Install only if you are comfortable with a skill that generates local Markdown/HTML upgrade guides and includes copy-pasteable production commands. Before using any generated guide, verify commands against the official HAP documentation, avoid curl-pipe-bash unless you have independently downloaded and verified the script, replace default credentials with secure handling, and require human approval before executing any service restart, database migration, or Kubernetes/Docker change.

SkillSpector (5)

By NVIDIA

Vague Triggers

High
Confidence: 96%
Finding
The trigger condition is overly broad and mandates invocation for loosely related upgrade tasks, which can cause the agent to activate this skill in situations where the user did not explicitly request it. In context, this matters because the skill also instructs document generation, web fetching, and file output, so over-triggering expands the chance of unintended side effects or unsafe operational guidance being produced.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs automatic Markdown-to-HTML generation and local file writes without an explicit user-facing confirmation step. In an agent setting, silent file creation/modification is dangerous because a simple advisory request could cause unexpected filesystem changes, which is especially risky when paired with a broad auto-trigger condition.

Missing User Warnings

Medium
Confidence: 91%
Finding
The template instructs operators to run impactful upgrade commands and, in one case, execute a remotely fetched shell script via curl-pipe-bash. Although this is an operational upgrade guide rather than overtly malicious content, it can directly trigger service changes, downtime, and supply-chain risk if copied into an agent workflow without strong confirmation and safety gating. The skill context increases risk because it is specifically meant to guide private deployment upgrades, so users are more likely to trust and execute these commands in production.

Missing User Warnings

Medium
Confidence: 95%
Finding
The template includes a MySQL command with hardcoded default credentials (`-uroot -p123456`) and frames them as defaults operators may use during upgrade steps. Even though it briefly mentions changing them if customized, publishing reusable admin credentials in operational documentation encourages insecure copy-paste behavior, increases accidental credential exposure in shell history/process lists, and can normalize leaving weak defaults in production.

Missing User Warnings

Medium
Confidence: 94%
Finding
The file instructs users to execute shell commands that fetch scripts directly over the network via curl and immediately pass them to bash. This is dangerous because any compromise of the hosting endpoint, CDN, DNS, TLS trust chain, or script content can result in arbitrary code execution on production upgrade hosts, and the command library provides no explicit integrity verification, pinning, or warning about that risk.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
