Incident Commander

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed incident-response helper that processes local incident data and produces reports, along with operational templates that require human review before use.

Install only if you want an incident-response drafting and analysis aid. Use it to classify incidents and draft timelines, PIRs, runbooks, and communications, but require explicit human approval before running production commands, posting public or customer updates, spending money, or sharing generated reports. Keep incident inputs and outputs in access-controlled locations and redact secrets, tokens, customer data, and internal-only links before distribution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill advertises executable workflows that read incident data, write reports, and may interact with external systems, yet it declares no permissions. That mismatch weakens user consent and review boundaries because operators cannot accurately assess what resources the skill may access or modify before use.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README explicitly encourages writing reconstructed timelines and PIR documents to local files, but provides no warning that these artifacts may contain sensitive incident details, internal system metadata, customer impact information, or other operationally confidential data. In an incident-response context, this omission can lead to insecure storage, accidental commits, or broader distribution of highly sensitive postmortem material.

Missing User Warnings

Low
Confidence: 84%
Finding
The examples normalize writing output files such as timeline.md and pir.md without warning about filesystem side effects. In agentic environments, this can lead to unintended overwrites, clobbering of analyst artifacts, or persistence of sensitive incident data in local files without informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
This incident report template encourages inclusion of operational details, participant names, communication summaries, and reference links, but it does not instruct authors to exclude secrets, credentials, tokens, customer PII, or sensitive internal URLs. In incident-response workflows, reports are often widely shared across teams or retained long-term, so missing redaction guidance materially increases the chance that sensitive data from logs, dashboards, chat transcripts, or links will be copied into the document and later exposed.

Missing User Warnings

Medium
Confidence: 91%
Finding
The runbook includes rollback and restart-like remediation steps without explicitly warning operators about customer impact, pre-checks, or post-action verification beyond a minimal status check. In an incident-response skill, operators may execute these commands under pressure, so omission of safeguards can lead to avoidable service disruption or masking of root cause.

Missing User Warnings

High
Confidence: 98%
Finding
The instruction to terminate database backends is operationally dangerous because it can kill legitimate active sessions, abort transactions, and cause immediate user-visible failures or data consistency risks at the application layer. In an incident runbook, such a command is likely to be copied directly during an outage, making the lack of warnings, selection criteria, and approval gates especially hazardous.

Missing User Warnings

Medium
Confidence: 95%
Finding
Deleting a pod forcibly terminates the running workload and may drop in-flight requests, especially if readiness, draining, or replica health are not verified first. Because this is framed as a simple mitigation step in a generic template, it encourages direct execution without confirming redundancy, disruption budgets, or whether the restart could worsen the incident.

Natural-Language Policy Violations

Low
Confidence: 91%
Finding
This sample incident dataset contains realistic employee names, direct company email addresses, and operational incident details without any indication that the data is fictitious or sanitized. Even if used as demo content, publishing internal-style identities and contact information can enable phishing, social engineering, unwanted contact, or accidental disclosure of real organizational structure and incident-response practices.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
This sample incident record includes full responder and incident commander names, which are personal identifiers not necessary for demonstrating incident structure. If this file is distributed with the skill, it can expose employee identities and internal operational roles, enabling unnecessary privacy leakage and potential social engineering against named responders.

Natural-Language Policy Violations

Low
Confidence: 93%
Finding
The sample timeline embeds real-looking personal names and company email addresses in a distributed asset file without any indication that they are synthetic, consented, or sanitized. Even in example data, this creates unnecessary exposure of personally identifiable information and can normalize unsafe handling of employee identity/contact data in incident artifacts.

VirusTotal

58/58 vendors flagged this skill as clean.