universal-shell-deployer

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about running deployment commands, but it needs review because it can change local or remote systems and includes unsafe default administrative credentials.

Install only if you are comfortable reviewing and approving shell commands that can modify services on the selected machine or remote host. Replace the MinIO placeholder password before any use, avoid root or Administrator remote accounts where possible, keep example remote nodes disabled until intentionally configured, and do not store secrets or sensitive command output in config.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill advertises a very broad capability to install, configure, and operate infrastructure across local and remote systems, which makes it likely to be invoked for many generic setup requests without sufficient narrowing. In practice, an over-broad trigger on a command-executing skill increases the chance that an agent will select a high-privilege shell automation path for ambiguous requests, leading to unintended command execution on local or remote hosts.

Missing User Warnings

Medium
Confidence: 97%
Finding
The configuration contains a remote SSH example using the username "root" and also defines default MinIO credentials ("minioadmin" / "change-me"). In a skill designed to execute infrastructure setup on local or remote hosts, embedded privileged accounts and default secrets materially increase the chance of unsafe deployment, credential reuse, accidental exposure, or immediate compromise if the generated environment is network-accessible.

Vague Triggers

Low
Confidence: 76%
Finding
This manifest does not clearly constrain when the skill should activate or what user intent is required before it can run command-execution workflows. Because the skill is explicitly capable of installing software and operating on remote hosts over SSH/PowerShell remoting, ambiguous trigger scope raises the risk of unintended invocation, overbroad use, or execution in contexts the user did not clearly authorize.

VirusTotal

66/66 vendors flagged this skill as clean.
