Openclaw Ispconfig

Security checks across malware telemetry and agentic risk

Overview

This is not overtly malicious, but it gives an agent broad live control over ISPConfig, including destructive and VM-level actions, with weak default containment.

Install only if you intend to let an agent administer ISPConfig at a high privilege level. Use a least-privilege ISPConfig remote user, start with readOnly=true or a tight allowedOperations whitelist, and require human approval for deletes, password changes, server/system config edits, permission changes, and OpenVZ operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
94% confidence
Finding
This file exposes OpenVZ VM and container lifecycle operations such as create, update, start, stop, restart, and delete, which materially extend the skill from ISPConfig tenant/site administration into infrastructure administration. That scope expansion is dangerous because an LLM agent or user expecting only hosting-panel management could gain unexpected power over compute resources, causing outages, unauthorized provisioning, or destructive infrastructure changes.

Description-Behavior Mismatch

Medium
87% confidence
Finding
The skill includes global configuration mutation capabilities such as system_config_set, server_config_set, and config value mutation APIs, which exceed ordinary site/domain/mail management and can alter platform-wide behavior. In an agent setting, this mismatch between declared purpose and actual capability increases the chance of unsafe invocation, privilege misuse, and broad configuration drift affecting multiple tenants or services.

Context-Inappropriate Capability

High
92% confidence
Finding
Adding VM/container administration capability is unjustified by the stated purpose of managing ISPConfig servers for domains, mail, DNS, databases, and related hosting functions. This is dangerous because it grants a much broader operational blast radius than expected, enabling an agent to provision, modify, or destroy virtual machines rather than just manage application-layer hosting resources.

Missing User Warnings

Medium
85% confidence
Finding
The skill advertises multiple write and delete operations, including record deletion and provisioning changes, without prominent warnings about destructive impact, rollback limitations, or required confirmation. In an agentic context, this increases the chance of accidental domain, mail, DNS, database, or account changes that can cause outages, data loss, or service misconfiguration.

Missing User Warnings

Medium
90% confidence
Finding
The file exposes numerous destructive delete operations, including bulk-destructive functionality like client_delete_everything, without any built-in confirmation, dry-run mode, or secondary safety check. In an agentic context, a prompt mistake, misunderstanding, or malicious instruction could directly trigger irreversible deletion of sites, DNS zones, mailboxes, databases, VMs, and other resources.

VirusTotal

No VirusTotal findings
