Devcontainer Validator

Security checks across malware telemetry and agentic risk

Overview

This is a local devcontainer.json checker, and the flagged dangerous strings are validation patterns rather than commands it runs.

Reasonable to install if you want a local devcontainer.json validator. It runs bundled Python code and reads only the file path you provide, so review the script before using it in sensitive repositories or CI; use --strict knowingly because warnings can become failing results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
"""Best practices rules (3+)."""
    if "remoteUser" not in data:
        issues.append(("warning", "missing-remote-user",
                        "No 'remoteUser' specified — container will run as root"))

    if data.get("privileged") is True:
        issues.append(("warning", "privileged-container",
Confidence
80% confidence
Finding
run as root

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# remoteUser
    if "remoteUser" not in data:
        issues.append(("warning", "missing-remote-user",
                        "No 'remoteUser' specified — container will run as root"))
    # privileged
    if data.get("privileged") is True:
        issues.append(("warning", "privileged-container",
Confidence
80% confidence
Finding
run as root

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
(r'\brm\s+-rf\s+/', "rm -rf / detected"),
    (r'curl\s+[^\|]*\|\s*(ba)?sh', "curl piped to shell"),
    (r'wget\s+[^\|]*\|\s*(ba)?sh', "wget piped to shell"),
    (r'chmod\s+777\b', "chmod 777 detected"),
    (r'\beval\s+', "eval usage detected"),
    (r'>\s*/dev/sd[a-z]', "writing to raw block device"),
    (r'mkfs\b', "mkfs (format disk) detected"),
Confidence
80% confidence
Finding
chmod 777

Tool Parameter Abuse

High
Category
Tool Misuse
Content
DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_RAWIO", "NET_RAW"}

SHELL_INJECTION_PATTERNS = [
    (r'\brm\s+-rf\s+/', "rm -rf / detected"),
    (r'curl\s+[^\|]*\|\s*(ba)?sh', "curl piped to shell"),
    (r'wget\s+[^\|]*\|\s*(ba)?sh', "wget piped to shell"),
    (r'chmod\s+777\b', "chmod 777 detected"),
Confidence
100% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_RAWIO", "NET_RAW"}

SHELL_INJECTION_PATTERNS = [
    (r'\brm\s+-rf\s+/', "rm -rf / detected"),
    (r'curl\s+[^\|]*\|\s*(ba)?sh', "curl piped to shell"),
    (r'wget\s+[^\|]*\|\s*(ba)?sh', "wget piped to shell"),
    (r'chmod\s+777\b', "chmod 777 detected"),
Confidence
95% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
(r'\brm\s+-rf\s+/', "rm -rf / detected"),
    (r'curl\s+[^\|]*\|\s*(ba)?sh', "curl piped to shell"),
    (r'wget\s+[^\|]*\|\s*(ba)?sh', "wget piped to shell"),
    (r'chmod\s+777\b', "chmod 777 detected"),
    (r'\beval\s+', "eval usage detected"),
    (r'>\s*/dev/sd[a-z]', "writing to raw block device"),
    (r'mkfs\b', "mkfs (format disk) detected"),
Confidence
90% confidence
Finding
chmod 777

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# ---------------------------------------------------------------------------

def strip_jsonc(text):
    """Remove // and /* */ comments and trailing commas from JSONC text."""
    result = []
    i = 0
    length = len(text)
Confidence
90% confidence
Finding
Remove //

VirusTotal

66/66 vendors flagged this skill as clean.
