uk8s

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to create a real UK8S cloud cluster, but it can install a CLI, create billable infrastructure, and print an admin password without enough safeguards.

Review this skill carefully before installing. Only use it when you intend to create a real UCloud Kubernetes cluster and accept possible charges. Verify the ucloud-cli download yourself, confirm the target project and region before any create call, and avoid letting the skill print passwords in shared or logged chats; rotate any generated password immediately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Context-Inappropriate Capability

Medium, 93% confidence
Finding
The skill goes beyond orchestrating UK8S creation and instructs the agent to download and install a third-party CLI binary from GitHub. That expands the trust boundary and introduces supply-chain and unintended system-modification risk, especially because the binary is fetched and executed without integrity verification.

Intent-Code Divergence

Medium, 84% confidence
Finding
The skill says to collect missing configuration fields including API keys, but the shown command only sets region, zone, and project ID. This mismatch can lead operators to handle credentials inconsistently, manually inject secrets elsewhere, or assume the system is fully configured when sensitive auth material is still missing.

Missing User Warnings

Medium, 95% confidence
Finding
The skill automatically installs ucloud-cli by downloading a binary and placing it in the user's PATH without an upfront warning or consent step. Silent installation changes the host environment and can execute unreviewed code, which is risky in an agent context where users may not expect software installation.

Missing User Warnings

High, 97% confidence
Finding
The skill performs high-impact infrastructure actions and handles credentials/passwords without an upfront safety notice or explicit confirmation gate. In this context, the agent could create billable cloud resources and expose sensitive access data, making the absence of strong user consent especially dangerous.

Ssd 3

High, 99% confidence
Finding
The skill explicitly instructs the agent to retain the generated cluster password in plaintext and later report it back. Plaintext secret retention and disclosure increase the risk of leakage through chat history, logs, screenshots, or downstream tooling, and are especially sensitive because the password grants administrative access to new infrastructure.

Ssd 3

High, 99% confidence
Finding
The reporting template tells the agent to print the login password directly to the user. Even if intended for convenience, emitting secrets into the conversation creates durable exposure in transcripts and raises the chance of accidental compromise of the cluster.

VirusTotal

55/55 vendors flagged this skill as clean.