AMG Cosmos DB for MongoDB (RU) Health Check

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Azure/Grafana monitoring skill, but it handles sensitive cloud inventory and stores local health-check reports.

Install only if you intend to run fleet-wide Cosmos DB monitoring through your Azure Managed Grafana environment. Use a least-privileged Grafana service-account token, choose the narrowest practical subscription and time range, approve only expected local parsing commands, and periodically review or delete the local memory report if it contains sensitive infrastructure details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The guidance explicitly tells the operator to save output to a temporary file and parse it with arbitrary local interpreters or shell commands (`node`, `python`, `jq`, `pwsh`), and even to approve a Bash prompt. That expands the skill from Azure monitoring into local code execution on the analyst machine, creating a path for command injection, unsafe handling of untrusted data, and unnecessary host-side risk if copied or adapted blindly.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to save monitoring data to a temp file and use local interpreters or shell tools such as node, python, jq, or PowerShell to parse it. That expands the skill from cloud monitoring into local code execution and file-system interaction without necessity or guardrails, creating risk of unsafe command construction, execution of attacker-controlled content, or unintended access to local environment data.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly states it tracks known issues across sessions via a persistent report, and later stores account inventory, ARM resource IDs, regions, subscription identifiers, telemetry findings, and root-cause notes in local memory files. This creates a real data-retention/privacy risk because operationally sensitive cloud inventory and health data are persisted without an explicit user warning, retention limit, or consent step.

Missing User Warnings

Medium
Confidence: 95%
Finding
These lines instruct the agent to read and update a persistent report with every account, full ARM ID, region, subscription, state, bug status, metric evidence, log evidence, and root-cause analysis. Persisting this level of infrastructure and telemetry detail can expose sensitive operational metadata to later sessions or other local users/processes, especially because the skill does not pair the behavior with explicit privacy and retention controls.

Missing User Warnings

Medium
Confidence: 94%
Finding
The instruction advises creating temp files and running local commands without any explicit warning about filesystem writes, shell execution, or the fact that the data being parsed may be untrusted or unexpectedly large. In a troubleshooting document for a monitoring skill, this can normalize unsafe operator behavior and lead users to execute commands on their workstation without understanding the security implications.

Missing User Warnings

Medium
Confidence: 92%
Finding
The instruction to write oversized responses to a temp file and process them with command-line tools omits any warning that the skill may create local files and launch subprocesses. In an agent setting, this undermines informed consent and increases the chance that sensitive monitoring output is persisted locally or exposed through shell/process behaviors the user did not authorize.

VirusTotal

49/49 vendors flagged this skill as clean.
