AMG PostgreSQL Flexible Server Health Check

Security checks across malware telemetry and agentic risk

Overview

This Azure health-check skill appears purpose-aligned, but it should be reviewed because it stores cloud operational findings across sessions without clear user control.

Install only if you are comfortable with the skill retaining Azure PostgreSQL operational findings across sessions. Before use, decide whether the persistent report should be minimized or deleted after each engagement, and avoid running generated shell commands on untrusted or unsanitized diagnostic output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding:
The error-handling guidance tells the agent to write tool output to a local file and then execute arbitrary local interpreters or shell utilities (`node`, `python`, `jq`, `pwsh`) to parse it. That expands the skill's capabilities beyond Azure health-check queries into host-level code execution, which is not necessary for the stated purpose and creates a clear path for command injection, unsafe parsing of adversarial data, or abuse of local environment access if the saved content or command arguments are influenced by untrusted input.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill explicitly persists operational findings to `memory/amg-check-pg-flex/report.md` and even instructs updating it across sessions, but the user-facing description does not clearly warn that telemetry-derived server inventory and issue history will be retained. This creates a real privacy and data-governance risk because subscription IDs, ARM IDs, server names, regions, and incident history can accumulate in persistent storage without informed user consent.

VirusTotal

66/66 vendors flagged this skill as clean.
