abe-fail2ban-reporter

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it should only be installed by an administrator who intentionally wants fail2ban events sent to SkillBoss and automatic fail2ban configuration changes applied.

Install this only on a server where you deliberately want fail2ban ban events sent to SkillBoss API Hub. Review scripts/install.sh first, back up /etc/fail2ban/jail.local, confirm your API key scope, and be aware that new bans may continue generating outbound API calls until scripts/uninstall.sh is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises shell-based installation and operational scripts but does not declare corresponding permissions, which undermines transparency and informed consent. In this context, the shell capability is especially sensitive because the skill also installs automation and interacts with system security tooling, so hidden execution scope increases risk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose understates materially sensitive behavior: modifying /etc/fail2ban, restarting a security service, and writing logs under /var/log. That mismatch is dangerous because users may invoke the skill expecting passive monitoring while it performs privileged local changes that can affect security controls and system stability.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script exfiltrates banned IP data to AbuseIPDB even though the skill metadata says it uses the SkillBoss API Hub. This mismatch is dangerous because operators may deploy the skill under false assumptions about data flows, third-party sharing, and compliance obligations, causing unauthorized disclosure of security telemetry to an external service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README promotes automatic reporting of fail2ban ban events and banned IPs to an external service, but it does not clearly warn users that server security telemetry and potentially sensitive operational metadata will be transmitted off-host. In a security-monitoring context, silent or under-disclosed exfiltration of attack and infrastructure data can create privacy, compliance, and data-sharing risks, especially for production systems or regulated environments.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The skill uses broad security-monitoring invocation language, making it easier to trigger in situations where the user may only want analysis rather than automated reporting or installation. Because the skill can alter fail2ban behavior and transmit data externally, ambiguous trigger boundaries increase the chance of unintended execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation describes automatic reporting of banned IPs and Telegram notifications without an explicit warning that data will be continuously transmitted to third parties. In a security-monitoring context, banned IPs, timestamps, and related metadata can be operationally sensitive, so silent automation raises privacy, compliance, and consent risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly instructs users to send IP-related query and message content to an external authenticated API, but it does not warn that operational security data may leave the host or organization. In the context of a fail2ban-reporter skill, banned IPs and analysis prompts are security telemetry, so silent transmission to a third party creates a real data-sharing and privacy risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script writes a new fail2ban action under /etc and edits jail.local automatically, changing host security configuration without an interactive confirmation, backup, or clear warning about the modification scope. In this skill's context, modifying fail2ban is expected behavior, but silently altering system config can still break existing jail settings or surprise an operator running the installer.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script requires an API key and installs automatic reporting of banned IP events to an external service, but it does not provide an explicit notice about outbound data transmission, what metadata will be sent, or any privacy implications. In a security-monitoring skill this behavior is aligned with the stated purpose, yet it still creates real data-sharing risk because administrators may not realize attacker IPs, jail names, and event details are being exported off-host.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The installer restarts the fail2ban service immediately after changing configuration without warning the user that a security service will be restarted. While this is operationally reasonable for activation, an unexpected restart can briefly disrupt protections or fail if the edited config is invalid, causing loss of service functionality.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
On API failure, the script logs the raw error content returned by the external service directly into a persistent local log file. Error bodies can contain sensitive operational details, echoed request content, or identifiers, which increases exposure to anyone with log access and can leak data unnecessarily during routine failures.

External Transmission

Medium
Category
Data Exfiltration
Content
## API Reference

All API calls route through SkillBoss API Hub at `https://api.heybossai.com/v1/pilot`.
Authentication: `Authorization: Bearer $SKILLBOSS_API_KEY`

See [references/skillboss-api.md](references/skillboss-api.md) for full API docs.
Confidence
84% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Search (IP Threat Intelligence Lookup)

```bash
curl -s "https://api.heybossai.com/v1/pilot" \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "search", "inputs": {"query": "IP reputation threat report 1.2.3.4"}, "prefer": "balanced"}'
```
Confidence
90% confidence
Finding
curl -s "https://api.heybossai.com/v1/pilot" \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{"type": "search", "inputs": {"query": "IP reputation thr

External Transmission

Medium
Category
Data Exfiltration
Content
### Search (IP Threat Intelligence Lookup)

```bash
curl -s "https://api.heybossai.com/v1/pilot" \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "search", "inputs": {"query": "IP reputation threat report 1.2.3.4"}, "prefer": "balanced"}'
```
Confidence
90% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Chat (AI Analysis)

```bash
curl -s "https://api.heybossai.com/v1/pilot" \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "chat", "inputs": {"messages": [{"role": "user", "content": "Analyze this IP: 1.2.3.4"}]}, "prefer": "balanced"}'
```
Confidence
88% confidence
Finding
https://api.heybossai.com/

VirusTotal

66/66 vendors flagged this skill as clean.
