Rancher Labs

Security checks across malware telemetry and agentic risk

Overview

This Rancher skill is not deceptive, but it gives an agent broad authenticated control over Kubernetes/Rancher resources without enough safety scoping.

Review before installing. Use a least-privileged Rancher account, prefer named Membrane actions over raw proxy requests, and require explicit user confirmation before creating, updating, or deleting clusters, namespaces, secrets, users, roles, tokens, registries, projects, or workloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The description 'Manage data, records, and automate workflows' is overly broad for a high-impact infrastructure integration and can cause the skill to be invoked for generic administrative requests without making clear that it affects Rancher/Kubernetes resources. In this context, accidental invocation is risky because the skill can reach privileged cluster-management operations, increasing the chance of unintended changes or disclosure.

Missing User Warnings

Medium
Confidence: 92%
Finding
The proxy-request section documents direct arbitrary API access, including support for POST, PUT, PATCH, and DELETE, but does not warn that these calls can modify or destroy clusters, namespaces, secrets, tokens, and other Rancher-managed resources. Because this is an infrastructure-management skill, presenting raw authenticated API access without approval and safety guidance materially increases the risk of destructive actions.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
