my skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent DMS/database administration guide, but it needs Review because it gives high-impact database and account-management instructions with unsafe examples and inconsistent PostgreSQL safety guidance.

Review carefully before installing. Use only with a trusted and version-pinned DMS CLI, least-privilege accounts, secure secret handling outside chat and shell history, and explicit human confirmation for any write, delete, team/user, workorder, or permission change. For PostgreSQL, independently verify the login database with current_database() and do not rely on --database, --db-id, or --schema-id to switch databases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

High, 98% confidence
Finding
The document earlier states that PostgreSQL database selection must occur at login via `--db-name`, because `--database` and `--db-id` do not switch the bound connection. This later guidance directly contradicts that warning and may cause operators or agents to run write queries against the wrong PostgreSQL database, creating a real integrity and change-control risk.

Intent-Code Divergence

High, 99% confidence
Finding
The worked example instructs use of `--database`, `--db-id`, and `--schema-id` for PostgreSQL after the document already explains these do not change the active database connection. In a DMS skill whose purpose is to automate database operations, such a conflicting example is especially dangerous because it can silently direct DDL or data writes into the wrong production or tenant database.

Ssd 3

High, 97% confidence
Finding
The skill embeds real-looking secrets and repeatedly instructs operators to place passwords, JWTs, XSRF tokens, local auth cookies, and instance tokens directly into commands and configuration. In an agent setting, this creates a strong risk of credential disclosure via logs, chat transcripts, shell history, screenshots, copied configs, or downstream tool telemetry, and it normalizes unsafe secret handling.

VirusTotal

64/64 vendors flagged this skill as clean.