ClawHub

grafana-inspector

Security checks across malware telemetry and agentic risk

Overview

This Grafana inspection skill is mostly purpose-aligned, but it uses Grafana credentials, writes local reports, and disables HTTPS certificate verification in one script, so users should review it before installing.

Install only after reviewing or fixing the TLS setting. Use a least-privileged Viewer token, avoid storing long-lived secrets in config.json, explicitly set the Grafana URL and dashboard scope instead of relying on broad auto-discovery, and keep generated reports out of shared or version-controlled directories because they may expose internal monitoring details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes behavior that uses filesystem reads/writes and network access, but it does not declare permissions or clearly constrain those capabilities. In an agent environment, undeclared sensitive capabilities reduce transparency and can enable unexpected data access, report creation, or outbound connections without informed user consent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The declared behavior does not fully match the implemented behavior: promised screenshot inspection features are missing, while additional checks such as alert status and datasource health are performed without being clearly disclosed. This mismatch is dangerous because users may grant trust and credentials based on incomplete documentation, causing the skill to access or process operational data beyond what they expected.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation phrase '执行 Grafana 巡检' is overly broad and lacks safety constraints such as required parameters, confirmation, or environment scoping. Broad triggers increase the chance of accidental execution against production Grafana instances, potentially causing unintended network access, credential use, and creation of local inspection artifacts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that screenshots and inspection reports are written to disk but does not warn users that these artifacts may contain sensitive operational data, dashboard names, metrics, alerts, or environment details. Storing such data without clear notice or retention guidance can lead to accidental disclosure through shared workstations, backups, or source-control commits.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation instructs users to create and place a Grafana API key into configuration but does not warn about secure handling, storage, scope minimization, or leakage risks. API keys can provide ongoing access to dashboards and monitoring data, so poor guidance here can result in credential exposure through plaintext config files, logs, screenshots, or repository commits.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persists Grafana inspection results to local Markdown and JSON files by default, including dashboard, alert, datasource metadata, and the Grafana URL. In an automation/agent-skill context, this creates unintended local data retention that may expose sensitive operational metadata to other local users, later workflows, backups, or artifact collection systems even if the API access itself was legitimate.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal