1-SEC: All-in-One Cybersecurity for AI Agent Hosts

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Linux server-security skill with powerful but disclosed enforcement features that should be enabled deliberately.

Install only on a Linux host you administer. Verify the GitHub release and checksum, begin with dry-run or the safe preset, review enforcement history, and enable live or vps-agent enforcement only after accepting the risk of automatic IP blocks, process kills, file quarantine, and configured alert data leaving the host via webhooks, cloud, or AI services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill clearly instructs the agent to execute shell commands, download binaries, modify system locations, and manage firewall/enforcement state, but it declares no permissions. This mismatch can cause an agent platform to under-scope or mis-govern a highly privileged skill, increasing the chance of unexpected execution or insufficient review.

Vague Triggers

Medium
Confidence: 82%
Finding: The activation guidance uses broad phrases such as 'secure this server' and 'install security monitoring', which are common requests that may match many unrelated situations. That can cause the skill to trigger too aggressively and steer an agent toward downloading and installing security software on systems where the user did not specifically request 1-SEC or privileged host changes.

Missing User Warnings

Medium
Confidence: 92%
Finding: The runbook tells operators how to export alerts in JSON, CSV, and SARIF but does not warn that alert contents may include sensitive telemetry, hostnames, IPs, indicators, user data, or investigation notes. In a security-operations context, exported files are commonly shared or stored outside the platform, which increases the risk of accidental disclosure if handling controls are not stated.

Missing User Warnings

Medium
Confidence: 95%
Finding: The webhook examples show sending alerts to Slack, Discord, Telegram, PagerDuty, and Teams without warning that alert payloads will leave the 1-SEC environment and may contain sensitive security data. Because this skill is specifically for operating a security platform, operators may forward incident data externally by copy-pasting these examples without considering data classification, retention, or third-party exposure.

Missing User Warnings

Medium
Confidence: 90%
Finding: The guide promotes autonomous destructive actions such as killing processes and quarantining files without an explicit, prominent warning that these actions can disrupt service, terminate legitimate workloads, or affect important agent state. In a VPS-hosted autonomous agent context, aggressive unattended enforcement increases the chance of accidental denial of service or loss of operational continuity.

Missing User Warnings

Medium
Confidence: 95%
Finding: Recommending that approval gates be disabled by default for autonomous hosts removes a safety control around destructive actions, yet the guide does not prominently warn about the resulting unattended kill/quarantine behavior. In this context, a false positive or misconfiguration could trigger irreversible actions without human review, making the operational risk materially higher.

VirusTotal

66/66 vendors flagged this skill as clean.