Security audit

runbook-generator

Security checks across malware telemetry and agentic risk

Overview

This is a local runbook generator that matches its stated purpose, but its output can contain sensitive configuration details if run on projects with real secrets.

Install only if you want a local tool to inspect project infrastructure files and draft runbooks. Run it on a reviewed project directory, avoid production folders containing real secrets when possible, and inspect Markdown or JSON output before sharing because it may include paths, service names, ports, commands, environment variable names, and some raw configuration values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises file reading, file writing, and shell execution behaviors but does not declare permissions or safety boundaries. That creates a trust and review gap: users and the platform may invoke a capability-rich skill without clear consent, and the generated workflow could lead to writing files or suggesting shell commands based on repository contents.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script explicitly scans a live `.env` file and later incorporates discovered variable names into generated runbook output. Even though it masks most concrete values, exposing secret names, deployment flags, and internal configuration inventory can leak sensitive operational context beyond what is necessary for runbook generation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The JSON mode serializes the full `scanned` structure, which includes environment-variable inventories, service commands, paths, and other operational details. This turns a documentation generator into a configuration extraction/export tool and can leak sensitive infrastructure metadata if the JSON is shared, logged, or stored.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad enough to match many normal documentation requests, so the skill may activate in contexts the user did not intend. Because this skill scans project files and may handle operational details, overbroad invocation increases the chance of unnecessary repository inspection and exposure of sensitive infrastructure information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly scans .env and related configuration files and extracts environment variables, but it provides no warning, filtering, or redaction guidance for secrets. Runbooks generated from these sources could unintentionally expose credentials, tokens, internal endpoints, or other sensitive operational data in output artifacts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The tool processes live `.env` files without any clear user-facing warning that even sanitized output may disclose sensitive configuration structure. In an ops-doc context, users may reasonably expect documentation generation, not inventorying of production-like secrets metadata.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The JSON output exposes raw scanned source data without warning, which may include sample configuration values, env variable names, commands, and infrastructure topology. This increases the chance of accidental disclosure because machine-readable output is more likely to be forwarded into logs, artifacts, or downstream systems.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
    has_npm = any(s["type"] == "package_json" for s in scanned)
    has_nginx = any(s["type"] == "nginx" for s in scanned)

    # Collect all env vars
    all_env = {}
    for s in scanned:
        if s["type"] == "env_file":
Confidence
97% confidence
Finding
Collect all env vars

Credential Access

High
Category
Privilege Escalation
Content
        if f.is_file() and "[Unit]" in f.read_text()[:200]:
            scanned.append(scan_systemd_unit(f))

    # Scan for .env (not .example)
    env_file = root / ".env"
    if env_file.exists():
        scanned.append(scan_env_file(env_file))
Confidence
97% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
            scanned.append(scan_systemd_unit(f))

    # Scan for .env (not .example)
    env_file = root / ".env"
    if env_file.exists():
        scanned.append(scan_env_file(env_file))
Confidence
97% confidence
Finding
.env"

VirusTotal

66/66 vendors flagged this skill as clean.
