ALab Global Admin

Security checks across malware telemetry and agentic risk

Overview

This is a powerful ALab root-administration guide, but its authority is disclosed, scoped, and paired with credential and destructive-action safeguards.

Install this only where you intentionally want an agent to perform ALab root administration. Keep root and project admin keys out of prompts and logs, prefer secure stdin or ignored secret files, review any credential rotation, revocation, project removal, catalog removal, or prune command before execution, and consider disabling implicit invocation if every root-admin use should require an explicit request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 95% confidence
Finding
The manifest allows implicit invocation for a highly privileged global admin skill, but it does not define narrow activation conditions, trigger phrases, or contextual safeguards. This creates a real risk that the agent could auto-select a root-capable skill in ambiguous situations, leading to unnecessary use of high-privilege operations and potential unauthorized or destructive actions.

Missing User Warnings

High, 97% confidence
Finding
The skill description advertises root authority and sensitive administrative capabilities without any warning about the destructive or security-critical nature of those operations. In context, this is especially dangerous because the skill is meant for global administration of an ALab home, so users or orchestrators may invoke it without appreciating the blast radius of actions affecting credentials, backups, caches, or project handoff.

VirusTotal

64/64 vendors flagged this skill as clean.
