ClawHub

Database Helper

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but its database-helper purpose is mixed with unrelated learned material and very broad triggers, so users should review it before installing.

Install only if you are comfortable with an auto-generated, weakly curated helper. Before using it for real database work, remove unrelated learning sections, narrow the triggers to explicit SQL/schema tasks, and treat any generated DROP/CREATE or schema-changing SQL as requiring manual review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill is labeled as a database helper, but its embedded learning history includes unrelated 'helper' material such as Sun-Panel helper, game helper content, and ransomware-related video titles. This creates supply-chain and prompt-scope confusion: a downstream agent may trust the skill as database-specific while inheriting noisy or risky associations from unrelated sources.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
Later sections continue mixing non-database sources into a database skill, showing that the contamination is persistent rather than accidental in a single block. This undermines provenance and can cause incorrect activation, unsafe recommendations, or trust in content that was never vetted for the declared purpose.

Vague Triggers

Medium
Confidence
90% confidence
Finding
These triggers are broad everyday database terms, making the skill likely to activate in ordinary conversations that only mention databases or SQL. Overbroad activation increases the chance that a contaminated or low-quality skill is invoked unintentionally, expanding blast radius and reducing user control.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest trigger 'database helper' is too generic to constrain activation to a safe, well-defined workflow. In systems that auto-route by trigger text, generic phrases can cause accidental invocation and expose users to behavior from a skill whose contents are already provenance-contaminated.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The secondary trigger conditions use broad 'needs help' phrasing, which lacks boundaries and can match many benign conversations. This makes unintentional activation more likely and is more dangerous here because the skill already contains unrelated merged content.

Vague Triggers

Medium
Confidence
88% confidence
Finding
This trigger block again relies on generic topical words and broad help conditions, reinforcing a pattern of weak activation boundaries. Repeated ambiguous triggers increase the chance of misrouting and accidental use of mislabeled or contaminated skill content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal