Cargo Storage

Security checks across malware telemetry and agentic risk

Overview

This skill does manage Cargo storage as described, but it gives agents powerful delete and export commands without enough guardrails.

Install only for agents you trust to manage Cargo workspace storage. Use a least-privilege Cargo account or token, require explicit user confirmation before model/column removal or full exports, preview queries with LIMIT before downloads, and consider pinning or reviewing the Cargo CLI package version instead of relying on @latest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence: 91%
Finding:
The skill description is broad enough to match many generic data-inspection and data-modification requests, including sensitive operations like schema changes and SQL execution. In an agent environment, this can cause over-selection of a high-privilege skill and increase the chance of unintended destructive actions or unnecessary exposure of workspace data.

Missing User Warnings

Medium
Confidence: 95%
Finding:
These lines document model removal and unrestricted query download/export without warning about destructive impact or data exfiltration risk. In practice, an agent could follow these examples to delete models or export entire datasets when a user request is ambiguous, causing irreversible loss or disclosure of sensitive workspace data.

Missing User Warnings

Medium
Confidence: 94%
Finding:
Column removal is presented as a routine command without warning that it can irreversibly change schema behavior, break dependent queries, and affect downstream workflows or computed fields. In an agent-driven setting, that omission increases the likelihood of accidental destructive schema edits from loosely phrased user instructions.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The documentation includes a destructive `column remove` command without any warning that the operation may permanently alter schema and potentially break dependent queries, computed columns, lookups, metrics, or downstream workflows. In a CLI skill that is explicitly used to modify workspace storage, omission of caution increases the chance of accidental destructive actions by users or agents acting on partial context.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The documentation includes a direct model deletion command with only a limited note about dependency failures, but it does not clearly warn that removal is destructive and may permanently delete access to schema or associated stored data depending on platform behavior. In a storage-management skill, users may copy-paste commands verbatim, so omission of an explicit confirmation, backup, or impact warning increases the chance of accidental destructive actions.

VirusTotal

65/65 vendors flagged this skill as clean.