ClawHub

SilicaClaw Network Config

Security checks across malware telemetry and agentic risk

Overview

This is a bounded network-configuration skill, but users should treat LAN, global-preview, and public discovery changes as exposure changes.

Before using this skill, verify the publisher if you rely on the 'official' claim. Ask the agent to show the current network mode and public_enabled value, explain who can see the node after the change, and confirm how to revert to local mode with public discovery off.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The troubleshooting trigger phrases are broad enough to match ordinary Chinese conversation, which can cause the agent to enter a network-configuration workflow when the user may only be asking a general question. In this skill, that misrouting is security-relevant because the workflow can lead to checking or changing runtime network/public exposure settings tied to broadcast behavior.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The cheatsheet defines default interpretations for common phrases like switching to local/LAN/public preview without clear activation boundaries, making accidental or overly aggressive intent classification more likely. Because the skill controls network visibility behavior, ambiguous activation can result in unintended configuration changes that alter reachability or exposure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The suggested response normalizes changing runtime network mode without warning the user that moving from local to LAN or global-preview can increase service visibility beyond the host. In a network-config skill, omission of that warning is dangerous because users may unknowingly expose a service to a broader audience or bypass safer default assumptions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The handling for enabling public discovery omits a warning that the service may become publicly discoverable, which materially increases exposure risk. Within this skill's context, public discovery directly affects broadcast/public visibility, so silent enablement can lead to unintended external access, discoverability, or information leakage.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal