Deployment Fault Analysis and Resolution Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible deployment-log analyzer, but it asks the agent to save sensitive logs, use hardcoded MySQL credentials, and modify knowledge-base files/databases without enough safeguards.

Install only in a controlled environment. Rotate or remove the embedded database passwords, inspect the referenced external sync script and SQL before use, back up the Excel/MySQL knowledge base, and avoid submitting logs containing secrets, customer data, or internal infrastructure details unless you have a retention and deletion plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
These instructions allow the skill to initialize and modify a MySQL database, including executing setup SQL as root inside a container. That expands the skill from passive analysis into state-changing infrastructure administration, which can damage data integrity, alter records, or be abused to make unauthorized persistent changes if triggered inappropriately.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The workflow directs execution of external shell, Python, and docker commands to synchronize and validate the knowledge base. Granting broad command-execution behavior to a log-analysis assistant increases the blast radius substantially because malformed inputs, prompt steering, or operator misuse could turn a diagnostic tool into an infrastructure-modifying agent.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The log shows the skill initiating a deployment over SSH and performing remote checks/upload steps against a target host, which exceeds the declared purpose of fault analysis and document generation. A skill presented as an analyzer but capable of orchestrating deployment actions creates a dangerous mismatch in user expectations and could be abused to make unauthorized changes on infrastructure.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
This section shows package installation and execution of deployment scripts such as rpm installation and Python deployment tooling, which are operational changes rather than passive analysis. Embedding software installation inside a fault-analysis assistant materially increases the risk of unintended system modification, privilege misuse, and lateral operational impact.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The skill establishes SSH-based control of a remote host even though its stated purpose is troubleshooting analysis and report creation. Unnecessary remote execution channels expand the attack surface, can enable unauthorized command execution on production systems, and are especially dangerous because the capability is not justified by the advertised functionality.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Direct RPM installation is unrelated to generating fault analyses or Word/Excel outputs and indicates the skill can alter host state. Even if intended for dependency setup, such behavior can be exploited to install unapproved software, create persistence opportunities, or destabilize the environment through unexpected package changes.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
The logs show the skill initiating deployment over SSH and executing commands on a remote host, which materially exceeds the declared behavior of fault analysis, knowledge-base lookup, and report generation. This mismatch is dangerous because a user invoking a seemingly analytical skill could unintentionally trigger operational changes on production infrastructure.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
The file shows package installation and execution of deployment scripts such as RPM installation and Python deployment utilities, which are active system-changing behaviors not justified by the stated purpose of analyzing logs and generating documents. Hidden execution capability in an analysis-oriented skill creates a privilege and trust-boundary violation that could be abused to alter systems unexpectedly.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
Remote SSH-based command execution is a powerful capability that is unnecessary for a fault-analysis assistant whose advertised role is to inspect logs and produce reports. In this context, the capability is especially dangerous because it enables arbitrary interaction with remote infrastructure under the guise of passive troubleshooting.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The logs demonstrate broad deployment automation behavior, including generating deployment state and invoking local deployment utilities, which goes beyond the minimum capability needed for troubleshooting assistance. This expands the attack surface and increases the chance that malformed input or misuse results in unintended infrastructure changes.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill mandates archiving every user input to persistent local storage before processing, with no user notice, consent, retention limit, or redaction step. Logs and error text often contain credentials, tokens, hostnames, internal paths, and personal data, so unconditional raw retention creates a meaningful confidentiality and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The description says analyzed issues are automatically recorded into Excel and may be synchronized to a database, but does not warn users that submitted fault data will be persisted and propagated. This can leak sensitive operational details into long-lived knowledge stores and broaden access beyond the original troubleshooting context.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding
The script performs local file writes for generated reports and related artifacts based on user-supplied paths, but there is no explicit warning, confirmation, or output-directory restriction. In this skill context, it processes potentially sensitive deployment logs, so silent creation or overwriting of .docx/.json/.xlsx files can unexpectedly persist sensitive operational data on disk or overwrite user files.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The code automatically writes a JSON sidecar next to the requested .docx output without any explicit flag or disclosure, causing hidden persistence of parsed fault data. Because the input is deployment logs and error messages, this sidecar may retain sensitive infrastructure details, paths, task IDs, or error context in a machine-readable format that is easier to scrape or reuse than the Word report.

Missing User Warnings

Severity: Medium
Confidence: 77%
Finding
The Excel append logic creates or modifies a workbook on disk without confirmation and stores summaries derived from faults, root causes, and document paths. In this context, the workbook functions as a knowledge base for deployment failures, so silent accumulation of operational error data can leak sensitive environment details or tamper with an existing local workbook unexpectedly.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
Persistent storage of all raw user-provided input without minimization or consent creates a direct data-handling vulnerability. In this skill's context, deployment logs are especially sensitive because they commonly include infrastructure topology, usernames, service endpoints, file paths, and sometimes secrets, making the archival step more dangerous than in a generic note-taking workflow.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
Automatically recording all new problems into Excel and potentially synchronizing them into a database can propagate sensitive contents from logs into multiple persistent systems. This broadens exposure, complicates deletion, and increases the chance that credentials, internal error details, or customer environment data become accessible to unauthorized users or reused in unsafe ways.

VirusTotal

VirusTotal findings are pending for this skill version.