Natural Language to SQL Query Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MySQL assistant, but it can run real database reads and writes with weak guardrails around credentials and mutations.

Install only if you are comfortable letting an assistant run SQL against your MySQL databases. Use a test database or least-privileged account, avoid root and production credentials, review the exact SQL before execution, and require explicit approval for every write, delete, schema change, or transaction. Avoid passing real passwords through command-line flags when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger conditions are overly broad and include generic phrases like '数据库操作' and '指定数据库,' which can match benign conversation and cause the skill to activate unexpectedly. In this skill’s context, accidental activation is more dangerous because the skill is designed to connect to local or remote MySQL instances and execute SQL, including write operations and transactions, so misrouting a request could lead to unintended data access or modification.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script accepts the database password via a command-line flag and passes it to mysql as -pPASSWORD. Command-line arguments are commonly exposed through process listings, shell history, audit logs, orchestration metadata, and debugging output, which can leak valid database credentials to other local users or monitoring systems. In this skill’s context, the danger is elevated because it explicitly supports user-supplied remote MySQL connections, so leaked credentials may grant access to external databases rather than only a local development instance.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script accepts a database password via a --password command-line argument and passes it to mysql as -p<password>. Command-line arguments are commonly exposed through process listings, shell history, audit logs, and orchestration metadata, which can leak credentials to other local users or monitoring systems. In this skill's context, the risk is elevated because it explicitly supports remote database access and user-supplied connection details, making credential handling a core feature rather than an edge case.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script accepts a MySQL password via the `--password` CLI argument and passes it as `-p<password>` to `mysql`, which can expose credentials through process listings, shell history, audit logs, or orchestration metadata. In this skill's context, the danger is elevated because it explicitly supports user-supplied remote database credentials, increasing the chance that real production passwords are handled insecurely and leaked to other local users or monitoring systems.

VirusTotal

64/64 vendors flagged this skill as clean.
