ClawHub
Back to skill

Security audit

Azuredatastudio

Security checks across malware telemetry and agentic risk

Overview

This is a simple local Bash-based data utility with disclosed local history storage and no evidence of network access, credential use, or hidden execution.

Install only if you are comfortable with an unofficial lightweight Bash tool that stores local command history. Avoid putting secrets, tokens, sensitive queries, or private filenames in command arguments, and verify which azuredatastudio executable will run before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation describes persistent local storage and history logging, but does not clearly warn users that imported data and executed commands will be retained on disk. This creates a risk of unintended retention of sensitive data, query contents, file paths, or operational metadata, especially if users assume the tool is ephemeral.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The `clean` command is described as cleaning and deduplicating data entries without warning that it may modify or remove records. Users or agents could invoke it assuming a safe read-only operation, leading to unintended data loss or corruption in the local store.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script logs user-supplied command arguments into a persistent history file without notice, redaction, or consent. If users pass sensitive values such as file paths, tokens, query text, secrets, or customer data on the command line, those values may be stored on disk and later exposed to other local users, backups, or support collections.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.