ClawHub
Back to skill

Security audit

Ubuntu Inspector

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Ubuntu inspection skill, but its local report can contain sensitive system details.

Install and run this only on Ubuntu systems you intend to inspect. Treat the generated /tmp report as sensitive because it can include hostnames, IP addresses, listening ports, usernames, login history, process listings, and recent errors; move it to a protected location or delete it when finished, and run as root only when you need full visibility.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
76% confidence
Finding
The skill states that it will automatically generate a report file in /tmp, but does not clearly warn the user that potentially sensitive system inventory and security data will be written to local disk. On multi-user systems, predictable temporary-file usage can increase exposure of host details, login history, network state, and audit information if file permissions are weak or the path handling is unsafe.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script writes a comprehensive host inspection report to /tmp, a globally accessible temporary location on many systems, and the report includes sensitive operational data such as host identity, IP addresses, listening ports, login history, running processes, and security-relevant status. Even though the script is intended for diagnostics, storing this data in /tmp without restrictive permissions or an explicit warning increases the risk of inadvertent disclosure to local users or other processes.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.