Qinglong

Security checks across malware telemetry and agentic risk

Overview

This Qinglong panel helper is coherent, but it gives an agent broad admin and host-level control with limited safety guidance.

Install only if you intentionally want an agent to administer your Qinglong panel. Use a non-production or least-privilege account where possible, prefer HTTPS, avoid sharing reusable passwords in chat, rotate credentials after testing, and require explicit confirmation before delete, import/export, system update/reload, dependency changes, or shell command actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documented `/system/command-run` and `/system/command-stop` endpoints expose arbitrary shell command execution through the skill surface. In a QingLong management assistant, this dramatically expands scope from panel administration into full host-level code execution, so misuse, prompt injection, or overly broad agent authorization could lead to total server compromise.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises powerful state-changing operations such as running tasks, modifying environment variables, and changing system settings without requiring user confirmation or warning about side effects. In an agent setting, this increases the risk of accidental destructive actions, unauthorized changes, or triggering harmful jobs from ambiguous natural-language requests.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs users to provide panel credentials or client secrets directly, but does not include strong guidance on secret handling, minimization, masking, or safer authentication flows. This exposes highly privileged credentials to the agent workflow and increases the risk of credential leakage through logs, transcripts, shell history, or downstream tool usage.

Missing User Warnings

Medium
Confidence: 94%
Finding
The examples include running jobs, stopping jobs, creating tasks, deleting tasks, and modifying environment variables without any cautionary language about irreversibility, production impact, or the need to validate targets first. In a natural-language automation skill, such examples normalize unsafe execution and can lead to destructive mistakes or abuse if the user prompt is unclear or manipulated.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation exposes numerous destructive and security-sensitive operations—deleting tasks, env vars, dependencies, importing data, updating config, executing commands, and system updates—without any safety guidance, confirmation requirements, or warnings. For an agent skill, lack of documented guardrails increases the chance that normal-language requests, misunderstandings, or adversarial prompts trigger irreversible changes.

VirusTotal

66/66 vendors flagged this skill as clean.
