AMG Key Vault Health Check

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Azure Key Vault health-check skill, but it can display and save sensitive operational telemetry.

Install only if you are authorized to inspect the target Azure subscriptions. Use a least-privilege Grafana service-account token, verify the MCP endpoint before registration, and avoid sharing raw outputs that include vault names, subscription IDs, caller IPs, application IDs, or secret/key identifiers. Review and clean up memory/amg-check-key-vault/report.md and config.md if they contain sensitive environment details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The recovery step tells the operator to save large results to a temp file and then process them with arbitrary local interpreters or shell commands, including approving a Bash prompt. That expands the skill from Azure health-check logic into unrestricted code execution on the analyst's machine, creating a path for prompt-induced execution of unsafe commands and potential exposure of sensitive monitoring data.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill explicitly instructs the agent to create and modify persistent local files under `memory/amg-check-key-vault/` (config and report state) without requiring a clear, contemporaneous user confirmation before each write. This creates a stateful side effect that can silently persist sensitive environment details such as subscription IDs, operational findings, and historical incident notes, which is risky in shared workspaces or when users expect a read-only health check.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill directs collection and presentation of authentication-failure logs including source IP addresses and application IDs, but does not include an explicit privacy or sensitivity warning, redaction guidance, or scope minimization. In many environments, these fields are sensitive operational data and could expose client identities, internal network patterns, or incident-response details to users who only requested a health check.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The deep-dive queries explicitly retrieve sensitive operational identifiers such as CallerIPAddress, identity_claim_appid_g, and secret/key resource identifiers (id_s). In a fleet-wide Key Vault health-check skill, these fields can expose internal infrastructure details, client identities, and secret usage patterns beyond what is necessary for basic health diagnostics, increasing privacy and reconnaissance risk if results are broadly surfaced or persistently stored.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The instruction advises writing potentially sensitive Azure monitoring output to a temporary file and processing it with local tools without warning about data handling, retention, or execution risk. In this skill's context, the data may include resource identifiers, operational metadata, and logs, so encouraging temp-file storage and ad hoc interpreter use increases the chance of leakage, unsafe command composition, and accidental execution of attacker-influenced content.

VirusTotal

66/66 vendors flagged this skill as clean.