datasource

Security checks across malware telemetry and agentic risk

Overview

This NocoBase modeling skill appears legitimate, but it can guide an agent to make persistent database schema and data changes with broad triggers and no built-in confirmation step.

Install only if you intentionally want an agent to help administer NocoBase schemas. Use it first on a development or backed-up database, review the generated SQL before execution, and require explicit confirmation before any table creation, field sync, relation creation, or seed-data insert is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger set includes broad terms like '字段', '关系', 'collection', and 'create table', which can activate the skill for generic discussion rather than explicit intent to modify a NocoBase schema. In this skill, accidental activation is more dangerous because the instructions drive the agent toward executing SQL and metadata-changing tool calls that alter persistent database structures.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill instructs the agent to execute SQL DDL to create tables in bulk without requiring a safety notice, dry-run, preview, or explicit confirmation that persistent schema changes will occur. In the context of an agent with direct access to nb_execute_sql and other write-capable tools, this materially increases the risk of unintended database modification from ambiguous or mistaken user requests.

Missing User Warnings

Severity: Low
Confidence: 92%
Finding: The seed-data section encourages INSERT operations without clearly warning that the action writes persistent records and may affect production behavior, tests, analytics, or referential integrity. Even though labeled optional, it still normalizes direct data writes by the agent without a confirmation barrier.

Shadow Command Trigger

Severity: Medium
Category: Trigger Abuse
Confidence: 70%
Finding: The trigger 'create table' can plausibly conflict with a built-in 'create' command and cause this skill to intercept requests that users intended for a different tool or system path. In a data-modeling skill, that confusion is more significant because users may be attempting schema changes, so accidental activation could lead to incorrect guidance, unintended operations, or bypass of safer built-in flows.

VirusTotal

59/59 vendors flagged this skill as clean.
