VPS Health Auditor

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised VPS health checks, but it uses high-impact SSH access with weak host verification and limited scoping safeguards.

Install only if you are comfortable giving the skill SSH-level access to the target server. Prefer a non-root account with limited sudo rights, verify the target host and key path before each run, and treat results as sensitive operational data. The publisher should remove disabled host-key checking, validate and quote SSH parameters, and require explicit confirmation before remote execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 86%
Finding
The read_when conditions are broad enough that normal conversation about VPS health or a server check could auto-activate the skill, increasing the chance that a high-privilege diagnostic workflow is invoked unexpectedly. In a skill that performs SSH or local execution against servers, overly permissive activation is risky because it may lead to unintended access attempts, data collection, or execution on sensitive infrastructure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The description says the skill runs diagnostics via SSH/local execution but does not prominently warn that it may connect to remote hosts, execute commands, and access operational data. This is dangerous because users may invoke it without understanding the privilege level, target impact, or exposure of logs/service state, especially when the example uses root over SSH.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script initiates SSH-based remote execution against an arbitrary host using caller-supplied user, host, and key material, while disabling host key verification via StrictHostKeyChecking=no. This makes man-in-the-middle attacks and accidental execution against spoofed or unintended hosts more feasible, and the lack of validation or confirmation increases the chance of misuse in an agent context.

VirusTotal

66/66 vendors flagged this skill as clean.
