Fly.io

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed infrastructure CLI helper, but it exposes high-impact operations like token display, secret changes, SSH access, and machine destruction without clear safety boundaries.

Install only if you intend to let an agent help administer cloud infrastructure. Use a least-privilege account, avoid production credentials unless explicitly needed, require confirmation before any deploy, secret, database, SSH, scaling, or destroy command, and do not allow auth tokens or secrets to be printed into chat or logs.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is broad enough to match many routine infrastructure-management requests, including sensitive actions like deploying, scaling, secret management, machine destruction, and remote command execution. Without explicit scope boundaries or confirmation requirements, an agent could invoke this skill for ambiguous requests and perform impactful operations on production infrastructure.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation exposes sensitive and destructive commands such as printing auth tokens, setting secrets, destroying machines, attaching databases, and opening SSH consoles, but provides no warnings, confirmation steps, or safety constraints. In an agent context, this increases the risk of credential exposure, accidental production changes, service outages, or unauthorized command execution if the skill is triggered from incomplete or ambiguous instructions.

VirusTotal

64/64 vendors flagged this skill as clean.
