Infrastructure Drift Detector

Security checks across malware telemetry and agentic risk

Overview

This is a coherent infrastructure drift-analysis skill, but its Terraform and remediation examples should be reviewed before use in real cloud environments.

Install only if you are comfortable letting the agent inspect IaC files and cloud state through your configured CLIs. Treat all generated `terraform import`, `terraform apply`, and CI scheduling examples as change-control items: review them, confirm the target account/workspace, and run them manually with least-privilege credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as a drift detector, but it instructs the agent to invoke cloud-side operations such as CloudFormation drift detection and to generate remediation scripts that can lead directly to state-changing actions. This expands the skill from passive inspection into orchestration of operational workflows, increasing the chance that a user or downstream agent treats it as safe read-only analysis when it is not.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
Labeling `terraform plan -refresh-only` as 'safe, read-only' is misleading because refresh operations interact with state and can update the local or backend view of infrastructure during planning workflows. That mischaracterization can cause operators to run it in sensitive environments under the false assumption that it has no side effects, undermining change-control and audit expectations.

VirusTotal

65/65 vendors flagged this skill as clean.
