ClawHub

Network Config

Security checks across malware telemetry and agentic risk

Overview

This skill is a local network-operations logbook that stores user-entered notes on disk; the persistence deserves caution but is disclosed and purpose-aligned.

Install only if you want a local plain-text network notes/history tool. Do not enter passwords, tokens, private incident details, or sensitive topology information unless you are comfortable with it being stored under ~/.local/share/network-config and included in exports; periodically review or delete that directory, and verify that any network-config command you run points to this expected script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes storing network-related entries and command history locally as plain-text logs without prominently warning users that potentially sensitive infrastructure details may be retained on disk. In a network-operations context, these logs can expose hostnames, IP ranges, alerts, benchmarks, and incident notes to other local users, backups, or later compromise.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persistently stores arbitrary user-provided input and command history under ~/.local/share/network-config without clearly warning the user. In a network/sysops context, users may paste hostnames, IPs, credentials, incident notes, or other sensitive operational data, which then remains on disk and is later searchable/exportable, increasing exposure to local compromise or accidental disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal