ClawHub

Database Migration

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Convex migration helper with real database-risk guidance, but its risky examples are purpose-aligned and accompanied by practical safety steps.

Install only if you are comfortable letting an agent help plan Convex data migrations. Treat any generated migration as production-impacting code: review it, run dry runs, verify backups or restore options, and require explicit confirmation before running production deploy or data-changing commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill broadly presents database migration guidance, including rollback and schema-change workflows, but does not prominently warn that these operations can cause data loss, downtime, or irreversible corruption if run incorrectly. In a skill intended to be used operationally, omission of safety caveats increases the chance that an agent or user will apply destructive patterns in production without backups, staging validation, or maintenance controls.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The examples explicitly include destructive actions like dropTable and removeColumn without surrounding warnings about production impact, dependency breakage, or rollback limitations. Because this is a migration skill, readers may treat the snippets as ready-to-run patterns, which makes the lack of guardrails materially risky even though the code is instructional rather than overtly malicious.

Missing User Warnings

High
Confidence
98% confidence
Finding
The checkpoint rollback example is especially dangerous because it drops the primary table and recreates it from a backup table, a pattern that can lose constraints, indexes, permissions, triggers, concurrent writes, and transactional consistency. Presented without a strong warning, it may encourage operators to use a brittle recovery method that can worsen an incident or cause irreversible data divergence under live traffic.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal