Prometheus

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Prometheus query skill, but users should protect any monitoring credentials they configure.

Install only if you trust the local Node.js scripts and the Prometheus endpoints you configure. Use read-only, least-privilege Prometheus credentials, prefer HTTPS, avoid committing prometheus.json, restrict access to any config file containing passwords, and avoid running the tool from untrusted directories that may contain unexpected .env files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill documentation describes functionality that uses environment variables and outbound network access to query Prometheus, but the skill declares no corresponding permissions. This creates a transparency and policy gap: users may invoke a skill that can access secrets from the environment and contact arbitrary monitoring endpoints without explicit permission disclosure.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation instructs users to store Prometheus Basic Auth usernames and passwords directly in a JSON config file and environment variables, but it provides no warning about plaintext secret handling. This increases the risk of credential exposure through file disclosure, weak file permissions, backups, shell history, process inspection, or accidental commits.

Missing User Warnings

Medium
Confidence: 98%
Finding
The init flow prompts for HTTP Basic Auth credentials and persists them directly into a JSON config file, including the password in plaintext. This is dangerous because local users, backups, logs, accidental file sharing, or source control commits can expose Prometheus credentials, which may grant access to monitoring data and potentially internal infrastructure details.

VirusTotal

65/65 vendors flagged this skill as clean.
