ClawHub

运维智能巡检系统

Security checks across malware telemetry and agentic risk

Overview

This ops inspection skill is not malware, but it needs Review because parts of its default health report are randomly generated while presented as operational findings.

Install only if you treat this as a demo or partial local health-check script. Do not rely on the Kubernetes, log, or business metric sections for production decisions unless they are replaced with real data collection and clearly labeled fallback behavior; also verify report file locations and permissions before using --export or cron.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The K8S inspection claims to assess real cluster health but actually fabricates random values. In an operations/security context this is dangerous because it can mislead users into acting on false health information, mask real incidents, or create false reassurance during outages.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The log inspection presents itself as analysis but returns random synthetic findings instead of reading actual logs. In a monitoring skill, this undermines trust and can hide errors, delay incident response, or trigger unnecessary remediation based on fake anomalies.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The business inspection generates random business success rates and latency while claiming to inspect operational business metrics. This is dangerous in production because stakeholders may make reliability or revenue-impacting decisions based on fabricated telemetry.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The export function writes a detailed JSON report containing hostnames, OS details, health data, and service information to disk. In an operational environment this can create an unintended sensitive artifact that may be read by other users, backed up, or exfiltrated if file permissions and storage location are not controlled.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal