Caprover Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CapRover admin skill, but it tells agents to weaken HTTPS protection while handling powerful server credentials.

Review before installing. Use this only if you intend to give the agent administrative control over a CapRover server. Prefer a valid certificate, custom CA bundle, or certificate pinning instead of disabling TLS verification, avoid running the CLI where output is logged, and review deploy, delete, volume, port, registry, and serviceUpdateOverride changes before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding: The CLI prints the first part of the CapRover authentication token to stdout after login. Even partial secret disclosure is risky because terminals, CI logs, shell history capture tools, and shared consoles may expose enough token material to aid correlation, leak through debugging output, or contribute to accidental disclosure of the full token. In this skill's context, the token grants administrative access to a CapRover instance, so exposing any portion of it is unnecessary and increases operational risk.

Missing User Warnings

Medium
Confidence: 94%
Finding: The authentication example sends an administrative password to a remote server and explicitly disables TLS hostname verification and certificate validation. This makes credential interception and man-in-the-middle attacks substantially easier, especially on untrusted networks or with DNS/proxy compromise.

Missing User Warnings

Medium
Confidence: 88%
Finding: The skill is designed to deploy apps, change ports, volumes, environment variables, and Swarm overrides, all of which can alter live services and potentially cause downtime or data loss. Without a clear upfront warning or confirmation model, users may invoke impactful infrastructure changes without understanding the consequences.

Missing User Warnings

Medium
Confidence: 88%
Finding: The documentation explicitly describes use of an authentication token and registry passwords but provides no guidance on secure handling, storage, redaction, or avoidance of logging. In an agent skill context, this increases the chance that secrets are exposed in prompts, logs, traces, or error messages during automated API interactions.

Missing User Warnings

Medium
Confidence: 96%
Finding: Printing part of the authentication token without warning or justification is an information disclosure issue. Because this helper manages deployment and infrastructure state on a CapRover server, CLI output may end up in logs or be visible to other users, making this more dangerous than in a low-privilege utility; the exposed value is an admin bearer token, not a harmless identifier.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content
Base URL: `https://<captain-domain>`
Auth header: `x-captain-auth: <token>`
All bodies: `Content-Type: application/json`
SSL: often self-signed → disable verification in HTTP clients

## Table of Contents
1. [Authentication](#authentication)
Confidence: 98%
Finding: disable verification

VirusTotal

66/66 vendors flagged this skill as clean.