nas-master
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This NAS skill is purpose-aligned but needs review because it requests admin NAS/SSH access and broad, persistent indexing of hidden NAS metadata without clear scope or retention controls.
Review before installing. Use only if you intentionally want broad NAS inventorying. Configure a dedicated read-only NAS/SSH account, pin the NAS SSH host key, restrict NAS_ROOT_PATH/NAS_VOLUMES to specific shares, exclude sensitive hidden folders unless required, and secure or periodically delete the MySQL database and any generated dashboard. No artifact shows exfiltration or destructive NAS commands, but the requested access is powerful.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A durable database of private NAS structure, file names, paths, and permissions could be exposed locally or reused in later tasks beyond the user's intent.
This directs broad, persistent indexing of private NAS file and permission metadata, including hidden/system areas, without clear exclusions, retention limits, or approval boundaries.
Recursively scan every folder in `NAS_VOLUMES`... Capture: Name, Path, Size, Extension, and Windows ACLs. Deep Search: Scrape hidden folders like `.@metadata`, `.@encdir`, and `.@plugins`... Persistence: Use `INSERT IGNORE`
Use explicit allowlisted paths, exclude sensitive/system folders unless needed, confirm before each scan, restrict database access, and define retention/deletion rules.
If the skill or environment is misconfigured or compromised, the agent would have administrator-level NAS access and broad local database authority.
The skill expects privileged NAS/SSH credentials and local database root access, while the registry metadata declares no primary credential or required environment variables.
NAS_USER="admin" ... NAS_SSH_USER="admin" ... NAS_SSH_PASS="YourPassword" ... DB_USER="root" ... DB_PASS=""
Use a dedicated least-privilege read-only NAS/SSH account, a limited MySQL user for the specific database, and declare all credential requirements clearly before installation.
A spoofed or intercepted NAS SSH endpoint could receive credentials or return misleading system metadata.
The SSH client automatically trusts unknown host keys while using password authentication and then runs remote commands; the commands are read-only, but host authenticity is not verified.
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ... ssh.connect(os.getenv("NAS_SSH_HOST"), username=os.getenv("NAS_SSH_USER"), password=os.getenv("NAS_SSH_PASS"))Require known_hosts validation or explicit fingerprint confirmation, and keep the remote command set fixed and read-only.
Users may not realize the skill requires extra tools, Python packages, and secrets until runtime.
The skill's own frontmatter lists tools and environment variables, but the registry section says no required binaries, env vars, or primary credential, and there is no install spec or dependency pinning.
requires: bins: ["python", "php", "mysql", "powershell", "ssh"] env: ["NAS_VOLUMES", "NAS_USER", "NAS_PASS", "NAS_SSH_HOST", "NAS_SSH_USER", "NAS_SSH_PASS", "DB_PASS"]
Align registry metadata with the skill requirements and provide pinned, auditable dependency instructions.
A user could misunderstand 'read-only' as meaning the skill makes no local changes or persistent records.
The read-only claim appears to mean no destructive NAS operations, but the skill still writes persistent local database records and may generate a local dashboard.
**Strict Read-Only:** Never use `os.remove`, `os.rename`, or any destructive SSH commands... **Persistence:** Use `INSERT IGNORE` to resume interrupted scans.
Clarify that read-only applies to NAS mutation only, and explicitly list all local files, database tables, and dashboard paths the skill may create or update.