Migration Architect

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a migration-planning toolkit, but its generated rollback guidance includes automatic high-impact rollback triggers and destructive production-style commands without strong approval guardrails.

Install only if you need migration-planning assistance and will review all generated plans manually. Do not let an agent automatically execute the generated rollback runbooks; require explicit human approval, verified backups, staging validation, target-environment confirmation, and migration-specific correlation before using any SQL, cloud, Kubernetes, Terraform, or restore command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises tooling and example workflows that imply filesystem access, script execution, and possible networked validation, but it declares no permissions or capability boundaries. In an agent environment, this mismatch can lead to over-privileged or opaque execution of migration-related actions, increasing the risk of unintended file changes, shell execution, or external connectivity without informed user approval.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill contains extensive guidance for rollback, schema changes, dual writes, infrastructure cutovers, and decommissioning, all of which can affect production systems or data integrity, but it lacks a prominent warning that these actions are operationally risky and may be destructive if applied without review. In a powerful agent setting, presenting such procedures without explicit guardrails can normalize unsafe execution and reduce the likelihood of human validation before impactful changes.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The runbook defines multiple rollback triggers with auto_execute enabled based on broad service-health signals such as error-rate spikes, availability drops, and any data validation failure, but it does not include scope checks, maintenance-window awareness, correlation to the migration itself, or human approval gates. In a migration skill, this can cause unsafe autonomous rollbacks during unrelated incidents or transient noise, potentially triggering destructive database changes and service instability at the worst possible time.

Missing User Warnings

High
Confidence
98% confidence
Finding
The preparation rollback phase contains destructive SQL that drops a table and a stored procedure, yet the manifest provides no explicit operator confirmation, safety prompt, step-level backup verification, or environment restriction before execution. In a rollback-automation context, destructive cleanup is especially risky because an operator or agent may execute it against the wrong database or before forensic/debug data is preserved, causing irreversible loss of migration artifacts needed for recovery or investigation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The runbook defines automatic rollback triggers using broad operational thresholds without sufficient scoping, approval gates, or safeguards to distinguish localized anomalies from true migration failures. In a production migration context, this can cause unnecessary or cascading rollbacks, service disruption, and potential data inconsistency if destructive rollback steps are triggered on weak signals.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document includes destructive SQL and restore commands affecting production-like systems, but does not provide an explicit warning about irreversible data loss, downtime, or the need for operator confirmation before execution. In a rollback runbook, this omission is dangerous because users may execute high-impact commands under incident pressure without understanding blast radius or validating backup integrity first.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document includes concrete automation patterns that insert and update target-system records as part of reconciliation, but it does not pair those actions with strong guardrails, approval requirements, rollback guidance, or prominent warnings about destructive business impact. In a migration skill, operators may treat these examples as approved practice and run them against production-like systems, leading to unintended data modification, corruption, or propagation of source-side errors into the target.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The tool serializes and writes compatibility reports that include schema_before and schema_after content to disk. Database schemas and API schemas often contain sensitive internal structure, field names, endpoints, and sometimes embedded defaults or configuration details; writing them to files without an explicit warning, redaction option, or tighter output controls can expose sensitive information to other local users, backups, logs, or CI/CD artifacts.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
"duration_minutes": 5
      },
      "evaluation_window_minutes": 5,
      "auto_execute": true,
      "escalation_contacts": [
        "on_call_engineer",
        "migration_lead"
Confidence
95% confidence
Finding
auto_execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
"duration_minutes": 2
      },
      "evaluation_window_minutes": 2,
      "auto_execute": true,
      "escalation_contacts": [
        "sre_team",
        "incident_commander"
Confidence
96% confidence
Finding
auto_execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
"duration_minutes": 1
      },
      "evaluation_window_minutes": 1,
      "auto_execute": true,
      "escalation_contacts": [
        "dba_team",
        "data_team"
Confidence
97% confidence
Finding
auto_execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
----------------------------------------
• Error Rate Spike
  Condition: error_rate > baseline * 5 for 5 minutes
  Auto-Execute: Yes
  Evaluation Window: 5 minutes
  Contacts: on_call_engineer, migration_lead
Confidence
91% confidence
Finding
Auto-Execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
• Service Availability Drop
  Condition: availability < 95% for 2 minutes
  Auto-Execute: Yes
  Evaluation Window: 2 minutes
  Contacts: sre_team, incident_commander
Confidence
93% confidence
Finding
Auto-Execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
• Data Integrity Check Failure
  Condition: data_validation_failures > 0
  Auto-Execute: Yes
  Evaluation Window: 1 minutes
  Contacts: dba_team, data_team
Confidence
94% confidence
Finding
Auto-Execute

VirusTotal

66/66 vendors flagged this skill as clean.