Safeagentdb

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and not malicious, but it automates high-privilege database and deployment changes with some destructive preview-data operations that need careful review before use.

Install only if you intend to give the agent controlled access to Supabase, Vercel, and GitHub automation. Before enabling it, review the hydration settings, keep copyAuthUsers and copyPublicData off unless you explicitly need them, avoid copying production data into previews, scope provider tokens tightly, and confirm that service-role keys used in Vercel previews cannot reach client code or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill explicitly instructs the agent to perform actions that involve environment variables, cloud credentials, and external services, but it does not declare any permissions or capability boundaries. This creates a transparency and least-privilege problem: a host system or user may invoke the skill without realizing it can access env/network resources and potentially modify deployment or database infrastructure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script writes the Supabase service-role key into Vercel preview environment variables, making a highly privileged database secret available to preview deployments. Preview environments are commonly less trusted than production, so any app bug, SSR leak, logging issue, or teammate access to preview envs could expose a key that bypasses RLS and grants full administrative access to the preview database.

Missing User Warnings

Severity: High
Confidence: 94%
Finding:
The code deletes users from the target preview auth store if they do not exist in the source, then recreates and resets passwords for copied users to a shared preview password. This is destructive identity synchronization that can erase preview-only accounts, weakens account security, and creates a single password across many accounts, increasing the chance of unauthorized access if the preview system is reachable.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The script truncates all selected public tables in the target database and repopulates them from the source, which is a destructive operation. If the wrong branch, project reference, or credentials are supplied, this can wipe data in an unintended environment; even in previews, it may destroy analyst/test data and copy sensitive records into a broader-access context.

VirusTotal

VirusTotal findings are pending for this skill version.
