glkvm

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives an agent broad remote control over a GLKVM device and attached host with weak safety boundaries.

Install only if you intentionally want an agent to administer a trusted GLKVM device and attached host. Keep it on a trusted network, treat screenshots and OCR as sensitive, verify any ISO or firmware source yourself, and require explicit approval before power, reset, firmware upgrade, or virtual media actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The skill’s declared purpose is host control, but it also exposes firmware management and device-administration operations for the GLKVM appliance itself, including reboot and upgrade actions. That expands the authority of the skill beyond its stated scope and enables disruptive or persistent changes to the management device, which increases the chance of accidental misuse or unauthorized administrative actions.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding
The skill allows downloading arbitrary remote ISO images directly onto MSD storage from user-supplied URLs, including an option to skip TLS verification. This creates a path for untrusted payload delivery, malicious boot media staging, SSRF-like internal network access from the appliance, and compromise of the controlled host during boot or reinstall workflows.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The skill documents power, force-off, and reset operations through Fingerbot/ATX control without requiring confirmation or warning about data loss and service interruption. Because these actions affect physical power state, misuse can immediately disrupt systems, corrupt data, or take production services offline.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill instructs the agent to capture screenshots and perform OCR on a remote host without any privacy guidance or minimization controls. Screenshots and OCR may expose credentials, personal data, confidential documents, or security-sensitive system information, especially because the workflow recommends repeated capture and inspection.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill tells the agent to request and use the login password, then stores session material in a predictable temporary file, but provides no guidance on secret handling or cleanup. This increases the risk of credential exposure through logs, prompts, shell history, shared temp locations, or later reuse of leftover authentication cookies.

VirusTotal

63/63 vendors flagged this skill as clean.
