iDRAC

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed iDRAC administration helper with real operational and credential risks, but its behavior matches its stated purpose and does not show hidden or malicious actions.

Install only if you intend to manage Dell iDRAC devices from this machine. Use a dedicated least-privilege iDRAC account where possible, keep ~/.idrac-credentials protected or delete it when not needed, review ~/.config/idrac-skill/config because it is sourced by the shell script, and only run this on a trusted management network unless you modify it to validate the iDRAC certificate instead of using curl -k. Require explicit human approval before any power or BIOS-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation includes authenticated power-control examples that can power on, gracefully shut down, or forcibly restart a production server, but it does not warn about service disruption, data loss, or require any confirmation step. In an agent skill context, exposing ready-to-run destructive commands increases the chance that an automated system or inattentive user triggers an outage against real infrastructure.

Missing User Warnings

Medium
Confidence: 85%
Finding
The session-auth examples show direct handling of usernames, passwords, session tokens, and session URIs without warning that these values are sensitive secrets that should not be logged, echoed, or retained. In a tool/agent setting, such examples normalize unsafe secret handling and can lead to credential or token leakage through shell history, logs, transcripts, or process inspection.

Missing User Warnings

Medium
Confidence: 94%
Finding
When CREDS_SOURCE=env, the script writes the supplied username and password to ~/.idrac-credentials on disk. Even with mode 600, this creates persistent plaintext secret storage as a side effect, which increases exposure through backups, endpoint compromise, or later unintended reuse.

Session Persistence

Medium
Category: Rogue Agent
Content
## First-Time Setup

Create a config file at `~/.config/idrac-skill/config`:

```bash
mkdir -p ~/.config/idrac-skill
```
Confidence: 89%
Finding
Create a config file at `~/.config/idrac-skill/config`: ```bash mkdir -p ~/.config/idrac-skill cat > ~/.config

Session Persistence

Medium
Category: Rogue Agent
Content
#   OP_ITEM="<1password-item-name>"
#
# For CREDS_SOURCE="file":
#   Create ~/.idrac-credentials with contents: username:password
#   chmod 600 ~/.idrac-credentials
#
# For CREDS_SOURCE="env":
Confidence: 96%
Finding
Create ~/.idrac-credentials with contents: username:password # chmod 600 ~/.idrac-credentials

Tool Parameter Abuse

High
Category: Tool Misuse
Content
3. **Determine operation type:**
   - **Read-only** (status, health, logs, inventory) → Execute directly
   - **Destructive** (power off, restart, BIOS changes) → Confirm with user first
4. **Query Redfish API** via curl + Basic Auth (or session token for batch ops)
5. **Parse JSON** with jq
6. **Surface findings** to user in natural language
7. **Never expose credentials** in responses
Confidence: 91%
Finding
curl + Basic Auth (or session token for batch ops) 5. **Parse JSON** with jq 6. **Surface findings** to user in natural language 7. **Never expose credentials** in responses ## Endpoint Reference Fo

Tool Parameter Abuse

High
Category: Tool Misuse
Content
All examples use the helper script's `api_get` pattern. For raw curl:
```bash
curl -k -s -u "$(cat "$CREDS_FILE")" "https://${IDRAC_IP}/redfish/v1${ENDPOINT}"
```

## Table of Contents
Confidence: 98%
Finding
curl -k

Tool Parameter Abuse

High
Category: Tool Misuse
Content
```bash
# Create session (returns X-Auth-Token in headers)
SESSION_RESPONSE=$(curl -k -i -X POST \
  -H "Content-Type: application/json" \
  -d "{\"UserName\":\"${IDRAC_USER}\",\"Password\":\"${IDRAC_PASS}\"}" \
  "https://${IDRAC_IP}/redfish/v1/SessionService/Sessions")
```
Confidence: 99%
Finding
curl -k

Tool Parameter Abuse

High
Category: Tool Misuse
Content
SESSION_TOKEN=$(echo "$SESSION_RESPONSE" | grep -i "X-Auth-Token:" | awk '{print $2}' | tr -d '\r')

# Use session token for subsequent calls
curl -k -H "X-Auth-Token: $SESSION_TOKEN" \
  "https://${IDRAC_IP}/redfish/v1/Systems/System.Embedded.1" | jq

# Delete session when done
Confidence: 97%
Finding
curl -k

Tool Parameter Abuse

High
Category: Tool Misuse
Content
```bash
# Delete session when done
SESSION_URI=$(echo "$SESSION_RESPONSE" | grep -i "Location:" | awk '{print $2}' | tr -d '\r')
curl -k -X DELETE -H "X-Auth-Token: $SESSION_TOKEN" "${SESSION_URI}"
```

## Power Operations
Confidence: 95%
Finding
curl -k

Tool Parameter Abuse

High
Category: Tool Misuse
Content
api_get "/Systems/System.Embedded.1" | jq -r '.PowerState'

# Power on (if off)
curl -k -s -u "$(cat "$CREDS_FILE")" \
  -X POST -H "Content-Type: application/json" \
  -d '{"ResetType":"On"}' \
  "https://${IDRAC_IP}/redfish/v1/Systems/System.Embedded.1/Actions/ComputerSystem.Reset"
Confidence: 99%
Finding
curl -k -s -u "$(cat "$CREDS_FILE")" \ -X POST -H "Content-Type: application/json" \ -d '{"ResetType":"On"}' \ "https://${IDRAC_IP}/redfish/v1/Systems/System.Embedded.1/Actions/ComputerSystem.Re

VirusTotal

65/65 vendors flagged this skill as clean.
