ClawHub

DNS & Networking

Security checks across malware telemetry and agentic risk

Overview

This is a networking troubleshooting reference, but some examples can change system network settings if run directly.

Install as a reference skill, but do not let an agent run the privileged or persistent examples automatically. Review firewall, /etc/hosts, global proxy, and certificate-bypass commands before use, keep rollback steps handy, and avoid putting real proxy credentials directly into command lines or shared logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill goes beyond passive diagnostics and includes concrete firewall-changing commands for iptables, ufw, and the macOS firewall. In a troubleshooting skill, such commands can materially alter host/network exposure or lock out access if copied blindly, especially because they are presented as ready-to-run examples rather than clearly isolated, high-risk admin operations.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
This section includes persistent proxy and tool configuration changes, including global git/npm settings and environment variable exports, which exceed simple network debugging. These commands can reroute traffic, leak credentials, or break other tooling if applied on a user's workstation or shared environment without clear scope and rollback guidance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The firewall examples include allow, deny, enable, save, and reset operations without prominent warnings about service disruption, lockout, or persistent rule changes. Users may interpret these as safe troubleshooting steps, but they can immediately change reachability, expose ports, or remove protections.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill demonstrates proxy configuration with embedded credentials in environment variables but does not warn that credentials may be exposed via shell history, process listings, logs, or shared session output. This creates a realistic secret-handling risk even though the example is instructional.

VirusTotal

32/32 vendors flagged this skill as clean.

View on VirusTotal