Palantir Foundry CLI

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Palantir Foundry CLI helper. Its admin, data, and pipeline examples are powerful and fully disclosed, so they require careful user control.

Install this only if you intend to let an agent help with Palantir Foundry CLI work. Use least-privilege development profiles when possible, avoid pasting real tokens or client secrets into chat or shell history, verify every RID and profile before execution, and require explicit approval for delete, --force, --yes, --confirm, --execute, role-management, user/group, stream-reset, and production schedule commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (16)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list is broad enough to invoke the skill for many generic terms such as 'dataset', 'SQL query', 'build', or 'RID', increasing the chance the agent loads this skill in contexts the user did not intend. Because the skill enables administrative and data-access operations, unintended invocation can expose sensitive guidance or steer the agent toward high-impact actions without sufficient contextual checks.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes authentication via bearer token environment variables and highlights powerful admin capabilities, but it provides no warning about handling secrets, permission boundaries, or the risk of destructive or organization-wide changes. In this context, omission of safety guidance is dangerous because users may expose tokens, run privileged commands casually, or perform sensitive operations without confirmation.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation includes examples that export potentially sensitive administrative data such as user lists, groups, and likely privileged-account search results to local files without warning about data sensitivity, storage hygiene, or access controls. In an admin-oriented skill, this can normalize unsafe handling of identity and authorization data and increase the risk of accidental disclosure through shared workstations, source control, backups, or insecure file permissions.

Missing User Warnings

Medium
Confidence: 92%
Finding
This documentation exposes destructive resource deletion and permanent deletion commands, including force flags that bypass confirmation, with only limited warning coverage. In a command reference skill, users may copy-paste these examples directly, increasing the chance of accidental or overly broad data loss if the wrong RID is supplied or safeguards are skipped.

Missing User Warnings

Medium
Confidence: 88%
Finding
The project deletion command is documented as a routine command without any warning about destructive consequences, confirmation semantics, or scope of impact. In administrative CLI documentation, omission of such cautions can lead operators to delete the wrong project or underestimate downstream loss of access, configuration, or associated resources.

Missing User Warnings

Low
Confidence: 81%
Finding
The role grant/revoke examples describe direct permission changes, including granting owner and editor roles, without warning that these commands can expand access to sensitive resources or cause privilege escalation if misapplied. Although this is expected administrative functionality, copy-pasteable examples without guardrails can normalize unsafe permission changes and lead to accidental overexposure.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation includes a destructive `schedules delete ... --yes` example without an adjacent warning that the action is irreversible and can disable automated production workflows. In an orchestration/operations context, users often copy commands directly, so omission of a safety warning increases the chance of accidental deletion of active schedules.

Missing User Warnings

Medium
Confidence: 89%
Finding
The `schedules run` example triggers immediate execution but does not warn that it may launch real production work, consume resources, or cause downstream side effects such as data changes, notifications, or duplicate processing. In an orchestration command reference the omission is more dangerous, because the command is operational and likely to be copied verbatim.

Missing User Warnings

Low
Confidence: 95%
Finding
The documentation instructs users to export authentication secrets as environment variables but does not warn about the operational risks of doing so, such as persistence in shell startup files, accidental leakage in CI logs, or exposure to child processes and debugging output. While common, this can lead to credential disclosure if users adopt unsafe handling practices based on the example.

Missing User Warnings

Medium
Confidence: 99%
Finding
The example shows a client secret passed directly on the command line, which can be recorded in shell history and may be visible to other local users through process listings or audit logs. Because OAuth client secrets are long-lived and high-value credentials, documenting this pattern without a warning can normalize insecure secret handling and materially increase the chance of credential compromise.

Missing User Warnings

Medium
Confidence: 88%
Finding
The publish examples instruct users to send arbitrary JSON records to Foundry without any warning that the payload may include sensitive, personal, or regulated data. In a streaming context, users may quickly test with real production-like records, increasing the chance of accidental transmission of secrets or PII to a remote platform.

Missing User Warnings

Medium
Confidence: 78%
Finding
Documenting `pltr orchestration schedules delete ... --yes` without any warning normalizes an irreversible destructive action and suppresses confirmation, making accidental deletion more likely in operational use. In a workflow skill focused on production pipelines and schedules, that can disrupt recurring ETL jobs, reporting, and downstream data availability.

Missing User Warnings

Medium
Confidence: 83%
Finding
The import examples use `--execute`, causing immediate dataset-modifying actions against Foundry targets with no cautionary note, dry-run guidance, or validation step. In a data-pipeline skill, users may copy-paste these commands into production, potentially overwriting, polluting, or ingesting untrusted external data into important datasets.

Missing User Warnings

Medium
Confidence: 89%
Finding
This section provides direct permission-granting, revocation, and bulk access-management commands without any caution that they modify live access controls and can grant powerful roles such as owner. In a workflow skill, omission of warnings increases the likelihood of accidental over-permissioning, misuse against production resources, or changes being run without approval or verification.

Missing User Warnings

Medium
Confidence: 92%
Finding
The user and group management examples export identity inventories to local CSV files without warning that the outputs may contain sensitive personal, organizational, or access-related information. This can lead to unintended local persistence, insecure sharing, or leakage of user directories and group structures from administrative environments.

Missing User Warnings

Medium
Confidence: 94%
Finding
The security audit workflow generates files containing user, group, and potential administrator data but does not warn that these audit artifacts are sensitive and may become high-value targets if left on disk. In a security context, naming outputs as audit files can encourage broad collection while underemphasizing access control, retention, and secure storage requirements.

VirusTotal

65/65 vendors flagged this skill as clean.