Ansible Ui

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple, mostly placeholder DevOps CLI wrapper with minor under-disclosed local history logging, not evidence of malware or unsafe automation.

Before installing, verify which executable name will be installed, and avoid passing tokens, passwords, or sensitive infrastructure identifiers as command arguments, because one script can save the first argument in a local history file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The skill metadata and body describe a generic DevOps UI/API wrapper, but the analysis indicates additional behavior such as local command-history logging and a separate semaphore-style CLI identity that is not clearly disclosed in the visible description. Undisclosed persistence or telemetry-related behavior in an agent skill reduces operator awareness and can expose sensitive infrastructure commands, paths, or arguments entered during use.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill exposes generic trigger commands like run, info, and status without describing scope, allowed targets, or safety boundaries. In a DevOps context, broad verbs can lead to execution against infrastructure, inventory, or automation backends without sufficient user understanding or policy restriction, increasing the risk of destructive or unauthorized actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script logs command arguments directly to a history file under the user's data directory without notice, which can capture secrets passed on the command line such as tokens, passwords, hostnames, or internal project identifiers. In a DevOps context, CLI arguments often contain sensitive deployment material, so silent persistence increases the chance of credential disclosure to other local users, backups, support bundles, or later compromise.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Usage

Run any command: `ansible-ui <command> [args]`
---
💬 Feedback & Feature Requests: https://bytesagain.com/feedback
Powered by BytesAgain | bytesagain.com
Confidence
97% confidence
Finding
Run any command

VirusTotal

66/66 vendors flagged this skill as clean.
