Sysadmin Handbook

Security checks across malware telemetry and agentic risk

Overview

This is a local sysadmin logging tool, not malware, but its marketplace-style description is confusing and users should know it stores their typed notes on disk.

Install only if you want a local plaintext sysadmin journal. Treat anything typed into it as saved history: avoid passwords, tokens, private keys, and sensitive incident details unless the local directory is adequately protected. Also verify how the included script will be installed as the sysadmin-handbook command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The file content documents a fully active CLI for recording scans, alerts, fixes, backups, and other sysadmin events, while the manifest claims the skill is merely a static knowledge collection. In a skill ecosystem, this kind of semantic deception is dangerous because it hides operational capabilities that process and persist sensitive administrative data, undermining informed consent and policy-based review.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The script’s implemented behavior is materially different from the declared skill purpose: instead of serving book/knowledge content, it acts as a persistent local sysadmin logging utility. This mismatch is dangerous because users or platforms may grant trust based on the manifest description while the code silently collects and stores operational inputs, increasing the risk of covert data collection and policy bypass.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The code creates a persistent data directory, writes logs, and exports collected data in multiple formats, none of which is implied by a reference/book-style skill description. Hidden persistence and export capabilities can enable unanticipated retention and exfiltration of sensitive user-provided content, especially when users think they are interacting with a passive knowledge resource.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
Initializing a dedicated data directory and history logging establishes persistent activity tracking that is not justified by the stated purpose of a knowledge collection skill. In this context, the capability is suspicious because it records user interactions over time without a clear functional need, creating avoidable privacy and trust risks.

Intent-Code Divergence

High
Confidence: 98%
Finding
The file header explicitly identifies the script as a 'Sysadmin Handbook — sysops tool,' which directly contradicts the manifest’s claim that this is a book/knowledge resource. This contradiction is dangerous because it indicates deceptive packaging or poor disclosure, making it easier to smuggle functionality that users and reviewers would not expect from the advertised skill.

Missing User Warnings

Medium
Confidence: 93%
Finding
This command path stores arbitrary user input verbatim in persistent logs and also records it in a history file, without warning about privacy, retention, or downstream exposure. Because inputs may contain secrets, hostnames, credentials, incident notes, or operational details, silent logging creates a meaningful confidentiality risk.

Ssd 3

Medium
Confidence: 96%
Finding
Across many commands, the tool records arbitrary user-supplied text and later exposes it through search, recent-history, status, and export features. In the context of a mislabeled knowledge skill, this creates a broad natural-language data leakage channel where sensitive operational content can be accumulated and retrieved or exported without users expecting that behavior.

VirusTotal

63/63 vendors flagged this skill as clean.
