Linux Kernel Crash Debug

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Linux kernel crash-debugging skill, but it works with sensitive memory dumps and live-kernel tools that require careful handling.

Install only if you need kernel crash or vmcore analysis. Treat vmcore files and crash output as confidential, prefer offline dump analysis, and use live-kernel tracing or raw crash commands only on test systems or explicitly approved production sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The guide documents writes to sensitive procfs/debugfs interfaces such as /proc/sys/kernel/kasan_multi_shot, /sys/kernel/debug/kmemleak, tracing/kprobe_events, and /proc/lock_stat without explicit warnings that these operations modify live kernel behavior and can affect stability, performance, logging volume, or system state. In a kernel-debugging skill this is contextually expected, but omission of safety guardrails still creates operational risk because users may run these commands on production systems or with root privileges without understanding the impact.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script explicitly exposes a `run` mode that passes arbitrary user-supplied crash commands into the `crash` utility with no allowlist, confirmation, or sensitivity warning. In this skill's context, `crash` can reveal kernel memory, task state, logs, symbols, and other highly sensitive forensic data, so an autonomous agent or unsuspecting user could disclose secrets from vmcore or live-analysis artifacts without realizing the risk.

VirusTotal

66/66 vendors flagged this skill as clean.
