Shellbot Website

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent as a Cloudflare website-deployment skill, but it gives an agent high-impact cloud authority, and its secret-deletion and secret-handling behavior is under-safeguarded; users should review both carefully.

Install only if you are comfortable letting the agent operate on your Cloudflare account. Prefer a narrowly scoped Cloudflare API token, avoid passing real secrets as command-line arguments, review any secret delete or teardown command before it runs, and assume status/log commands may reveal sensitive application data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill advertises website building/design, but also documents destructive teardown, status/log inspection, OAuth token reuse from local Wrangler config, and direct Cloudflare API access. That mismatch can mislead users or higher-level agents into invoking broader and riskier operations than expected, especially when combined with credentialed infrastructure actions and log access that may expose sensitive data.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The documented secret commands pass secret values directly on the shell command line (for example `put API_KEY "sk-..."`), which can leak via shell history, process listings, audit logs, CI job output, or agent transcripts. In an agent setting, those exposures are especially likely because commands and outputs are often captured centrally.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The script force-confirms secret deletion by piping "y" into `wrangler secret delete`, removing Wrangler's interactive safeguard and making destructive actions easy to trigger accidentally or from higher-level automation. In a skill that manages production Cloudflare Workers secrets, accidental deletion can immediately break deployments, authentication, and runtime integrations across staging or production environments.

VirusTotal

66/66 vendors flagged this skill as clean.