ROCm vLLM Deployment

Security checks across malware telemetry and agentic risk

Overview

This deployment skill is coherent, but it prints a prefix of the Hugging Face token to stdout and writes the same prefix into its markdown report, recommends persisting the token in ~/.bash_profile, and stores sensitive deployment details in local files, so it needs review before use.

Install only on a dedicated ROCm deployment host. Use a least-privilege (read-only, fine-grained) Hugging Face token and pass it to the deployment for the duration of the task rather than storing it in a shell profile; do not share DEPLOYMENT_REPORT.md, deployment.log, or test-results.json without redacting token material first; and pin the Docker image (by digest, not a floating tag) before production use.
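The redaction step above is the one most operators skip, and a pattern match alone is not enough: the skill emits only the first 10 characters of the token, which no full-token regex will catch. The following is an added example (not the skill's code) of a redactor that scrubs full-length tokens by pattern and, when the real token is available in the environment, every prefix of it of 8 or more characters. It assumes the common Hugging Face user-token shape ("hf_" followed by alphanumerics); the length floor of 30 is an assumption chosen so that package names such as hf_transfer are left alone, and the sample report is constructed for the example.

```python
"""Redact Hugging Face token material from deployment artifacts before sharing.

Added example, not part of the scanned skill. Assumes HF tokens look like
"hf_" followed by alphanumerics and that the skill's reports may contain
either a full token or a 10-character prefix of it.
"""
import os
import re
from typing import Iterable, List, Optional

# Full-length token pattern. The length floor is an assumption that keeps
# package/module names such as hf_transfer from being redacted.
HF_TOKEN_RE = re.compile(r"hf_[A-Za-z0-9]{30,}")

# Shortest prefix of the real token we are willing to leave in a document.
# The scanned skill emits 10 characters, so anything >= 8 is treated as secret.
MIN_PREFIX = 8

REDACTED = "[REDACTED-HF-TOKEN]"


def redact(text: str, known_token: Optional[str] = None) -> str:
    """Return text with token material replaced.

    Pass 1 removes any full-length token by pattern. Pass 2, if the real token
    is known (e.g. from the environment), removes every prefix of it that is
    MIN_PREFIX characters or longer, longest first so a long match is not
    broken into fragments by a shorter one.
    """
    out = HF_TOKEN_RE.sub(REDACTED, text)
    if known_token and len(known_token) >= MIN_PREFIX:
        for n in range(len(known_token), MIN_PREFIX - 1, -1):
            out = out.replace(known_token[:n], REDACTED)
    return out


def redact_artifacts(paths: Iterable[str], known_token: Optional[str] = None) -> List[str]:
    """Write a redacted sibling (<path>.redacted) for each artifact; return the new paths."""
    written = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            clean = redact(fh.read(), known_token)
        out_path = path + ".redacted"
        with open(out_path, "w", encoding="utf-8") as fh:
            fh.write(clean)
        written.append(out_path)
    return written


# Constructed sample input (not a real token, not a real report).
SAMPLE_TOKEN = "hf_" + "A" * 34
SAMPLE_REPORT = (
    "# Deployment report\n"
    f"HF_TOKEN: present ({SAMPLE_TOKEN[:10]}...)\n"   # the 10-char prefix the skill emits
    "pip install hf_transfer\n"                         # must survive redaction
    f"docker run -e HF_TOKEN={SAMPLE_TOKEN} rocm/vllm\n" # a full token leaked into a log line
)


if __name__ == "__main__":
    # Typical use: redact the three files the skill produces, with the token
    # taken from the current environment so its prefixes are caught as well.
    artifacts = [f for f in ("DEPLOYMENT_REPORT.md", "deployment.log", "test-results.json")
                 if os.path.exists(f)]
    for out_path in redact_artifacts(artifacts, os.environ.get("HF_TOKEN")):
        print("wrote", out_path)
    print(redact(SAMPLE_REPORT, SAMPLE_TOKEN))
```

Run it from the directory holding the three artifacts with HF_TOKEN still exported; without the known token only the full-length match in the docker line is removed and the 10-character prefix in the report line survives, which is exactly the gap the pattern-only approach leaves.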

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding: The script writes the presence of HF_TOKEN and the first 10 characters of its value into a markdown report. Even partial credential disclosure is sensitive because it aids token identification, correlation across logs/reports, and increases the blast radius if reports are shared, committed, or stored insecurely.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill recommends storing HF_TOKEN persistently in ~/.bash_profile as a standard production practice without adequately warning about credential exposure on shared hosts, inherited environments, backups, or accidental disclosure through profile inspection. Persistent shell-profile storage broadens the token's lifetime and exposure surface beyond the immediate deployment task.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The script prints the first 10 characters of HF_TOKEN to stdout, which can leak credential material into terminal scrollback, CI logs, orchestration logs, or support bundles. Even partial secrets should be treated as sensitive because they aid token identification, correlation, and accidental disclosure in shared environments.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The generated report exposes a prefix of the HF_TOKEN without warning or redaction, which is a direct credential-handling weakness. In deployment tooling, reports are often archived, uploaded to tickets, or shared with operators, so leaking even a token fragment materially increases the chance of credential exposure and misuse.
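The three findings above (report prefix, stdout prefix, unredacted report) share one root cause: the token section of the report is built from the secret's value. The following is an added example, not the skill's code, showing that pattern beside a hardened version that records only presence and whether the value has the expected shape, plus a guard a practitioner can run in CI against any generated report or captured stdout. The token format regex is an assumption ("hf_" plus alphanumerics); the sample token is constructed.

```python
"""Writing the token section of a deployment report without leaking the token.

Added example, not the scanned skill's code. token_section_insecure reproduces
the weakness the findings describe; token_section_hardened is the replacement;
leaks_token is the check to run over reports and logs before they leave the host.
"""
import os
import re
from typing import Optional

# Assumed shape of a Hugging Face user token: "hf_" followed by alphanumerics.
HF_TOKEN_RE = re.compile(r"^hf_[A-Za-z0-9]{30,}$")


def token_section_insecure(token: Optional[str]) -> str:
    """The weakness as reported: a 10-character prefix of the secret in the report."""
    if not token:
        return "HF_TOKEN: not set\n"
    return f"HF_TOKEN: set ({token[:10]}...)\n"


def token_section_hardened(token: Optional[str]) -> str:
    """Presence and format only. Nothing here is derived from the secret bytes,
    so the line is safe to print to stdout and to keep in a shareable report."""
    if not token:
        return "HF_TOKEN: not set\n"
    shape = "format ok" if HF_TOKEN_RE.match(token) else "format unexpected"
    return f"HF_TOKEN: set, {shape}\n"


def leaks_token(report: str, token: str, min_prefix: int = 8) -> bool:
    """True if the report contains the token's first min_prefix characters.

    Any longer prefix (or the whole token) necessarily contains this one, so a
    single substring test covers every fragment length from min_prefix up.
    Use as a CI gate on DEPLOYMENT_REPORT.md, deployment.log and captured stdout.
    """
    if len(token) < min_prefix:
        return False
    return token[:min_prefix] in report


def build_report(token: Optional[str], image: str) -> str:
    """Assemble the report the way the hardened skill would (the image string
    is illustrative; pin by digest in real use)."""
    return "# Deployment report\n" + token_section_hardened(token) + f"Image: {image}\n"


if __name__ == "__main__":
    sample = "hf_" + "B" * 34            # constructed, not a real token
    print(token_section_insecure(sample), end="")
    print(token_section_hardened(sample), end="")
    report = build_report(os.environ.get("HF_TOKEN", sample), "rocm/vllm@sha256:<digest>")
    print("leaks:", leaks_token(report, sample))
```

Because the same section function feeds both the report and what the script echoes to the terminal, replacing it fixes the stdout and the report findings together; the leaks_token gate then keeps a regression from reintroducing the prefix.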

VirusTotal

66/66 vendors flagged this skill as clean.
