DevOps Pipeline Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is intended for high-impact production data migrations, and its instructions clearly require dry runs, backups, explicit confirmation, verification, and cleanup.

Install this only if you want an agent to help with ClawHub Convex production migrations or destructive cleanup workflows. Treat any production apply step as sensitive: verify the target deployment, review dry-run output, make a manual backup, and give explicit confirmation only when the plan and expected impact are clear.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill advertises deployment, rollback, and infrastructure-changing capabilities without a prominent warning at the capability description point that these actions can modify live systems. In a DevOps automation context, unclear safety messaging can lead users to trigger destructive or production-impacting operations unintentionally, especially because the skill covers Kubernetes, IaC, and rollback flows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal