ClawHub

Dead Letter Queue Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only DLQ troubleshooting skill with expected operational commands, but users should be careful before reading sensitive queue payloads or replaying messages.

Install this only if you want DLQ operations guidance. Use least-privilege queue credentials, treat message bodies as sensitive data, confirm the target environment and queues, and do not run replay commands until the root cause is fixed, replay scope is reviewed, and duplicate or unsafe side effects are accounted for.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill advertises broad natural-language triggers such as 'why are messages failing' and 'analyze DLQ', which can cause it to activate during ordinary troubleshooting and steer the agent toward operational queue inspection commands. In this context, the commands access production messaging infrastructure and expose message bodies and metadata, so over-broad invocation increases the chance of unnecessary access to sensitive operational data or unintended execution of queue-related actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The replay section provides a ready-to-run command to move messages from a DLQ back to the main queue without requiring safety checks, validation of root cause, replay limits, idempotency verification, or an explicit warning about production impact. Replaying failed messages can re-trigger outages, duplicate side effects, re-poison consumers, or cause data corruption if the underlying issue is unresolved or handlers are not idempotent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal