ClawHub

Synology DSM

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Synology NAS helper, but it gives an agent powerful file and download-management actions while showing unsafe credential and destructive-operation examples that users should review carefully.

Install only if you want an agent to operate your own Synology NAS. Use HTTPS, avoid putting DSM passwords or OTP codes directly in chat or URL strings, prefer a least-privileged DSM account, and require explicit confirmation with exact paths before delete, overwrite, move, upload, download, or bulk task actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation text is broad enough to match generic NAS- or download-related requests, which can cause the skill to be invoked outside a clearly intended Synology DSM context. Over-broad triggering increases the chance that sensitive file-management or download actions are suggested in the wrong context, especially because the skill contains authenticated and destructive operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents deletion operations, including large deletions, without requiring confirmation, dry-run behavior, or a warning that data loss may be irreversible. In an agent setting, this creates a meaningful risk of accidental destructive actions against a user's NAS contents if the agent follows the documented workflow too eagerly.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The authentication flow places username, password, and potentially OTP values directly in curl query strings, which can leak through shell history, process listings, logs, browser/proxy logs, or agent transcripts. The skill also uses HTTP in examples despite a note preferring HTTPS, which further increases exposure of highly sensitive credentials in transit.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The upload and download examples transfer data to and from the NAS without warning about overwrite behavior, destination sensitivity, local file exposure, or unintended exfiltration. In particular, the upload example sets overwrite=true, which can silently replace existing data, and the download example writes directly to a local file path without safety checks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal