ClawHub

AMG Storage Account Health Check

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Azure Storage diagnostics skill, but it needs review because it can run local parsing commands and persist operational findings without strong user controls.

Review before installing. Use a read-only Grafana/Azure token scoped to the intended subscriptions, avoid approving ad hoc local parsing commands unless you understand the data being processed, and inspect or delete memory/amg-check-storage-account files if you do not want diagnostic findings retained across sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The guidance explicitly instructs saving data to a temp file and invoking arbitrary local interpreters or shell commands (`node`, `python`, `jq`, `pwsh`) to process oversized results. That expands the skill from Azure monitoring into unrestricted local code execution pathways, which is not necessary for a storage-account health check and could be abused if tool output or later prompts influence the commands being run.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to read, create, and update a persistent workspace file (`memory/amg-check-storage-account/report.md`) after presenting findings, but it does not prominently warn the user that invoking the skill will modify local state. This creates an integrity and privacy risk because routine analysis can silently persist telemetry-derived conclusions across sessions, potentially overwriting prior notes or storing sensitive operational data without explicit consent.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The authentication failure query surfaces CallerIpAddress and UserAgentHeader values, which can reveal sensitive operational identifiers and client fingerprinting data to whoever runs the skill. In this skill's fleet-wide storage health-check context, broad access to cross-account logs increases the chance of unnecessary exposure of internal or external client metadata without an explicit warning, minimization, or access-control guardrail.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal