huawei-cloud-ascend-models-deploy

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for Huawei Ascend model deployment, but it should be reviewed because it generates privileged deployment commands that download and run remote scripts without integrity checks.

Install only if you trust the publisher and the referenced Huawei Cloud deployment scripts. Before running generated commands, inspect or pin the downloaded scripts, prefer a least-privileged deployment account, confirm the target host and port, and make sure there is a clear stop/rollback process for services started under /home/modelarts-agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 85%
Finding
The trigger list includes broad terms like 'deploy', 'test', 'model list', and 'inference', which can cause the skill to activate in unintended contexts. Because this skill can lead to shell command generation and remote deployment workflows, accidental invocation expands the chance of unsafe or confusing operations.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The instructions directly download shell scripts from a remote URL with wget and immediately execute them via sh, without integrity verification, pinning to a specific trusted artifact, or warning the user about supply-chain risk. In a deployment skill that runs on privileged infrastructure, compromise of the remote host, bucket contents, or network path could lead to arbitrary code execution on the DevServer.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The troubleshooting guide recommends `kill -9 <PID>` as a direct remediation step without any caution, validation guidance, or safer alternatives. In an operational deployment skill, this can lead users to forcibly terminate the wrong process, interrupt active services, corrupt state, or cause avoidable downtime, especially if they copy commands mechanically during incident response.
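The safer alternative the finding asks for, as an added example that is not part of the skill's troubleshooting guide or of the SkillSpector report: confirm that the PID still belongs to the process you mean (by matching its command line against a pattern you expect, here an assumed pattern), send SIGTERM first so the service can shut down cleanly, and escalate to SIGKILL only if it ignores SIGTERM for a bounded time. The timeout and the pattern are placeholders.

```shell
#!/bin/sh
# Added example: stop a service by PID with a sanity check and graceful
# escalation, instead of an unconditional "kill -9 <PID>".
set -e

# alive PID: succeed only if the process exists and is not already a zombie.
alive() {
    st=$(ps -p "$1" -o stat= 2>/dev/null) || return 1
    case "$st" in *Z*) return 1 ;; *) return 0 ;; esac
}

# graceful_stop PID PATTERN [TIMEOUT_SECONDS]
# Refuses (returns 1) if PID is not numeric, does not exist, or its command
# line does not contain PATTERN. Otherwise sends SIGTERM, waits up to TIMEOUT
# seconds (default 5) for a clean exit, then falls back to SIGKILL.
# Returns 0 when the process is gone, 1 if it was refused or is still alive.
graceful_stop() {
    pid="$1"; pattern="$2"; timeout="${3:-5}"
    case "$pid" in
        ''|*[!0-9]*) echo "refusing: '$pid' is not a numeric PID" >&2; return 1 ;;
    esac
    cmd=$(ps -p "$pid" -o args= 2>/dev/null) || {
        echo "refusing: no process with PID $pid" >&2; return 1
    }
    case "$cmd" in
        *"$pattern"*) ;;   # the PID is what we expected
        *) echo "refusing to kill $pid: '$cmd' does not match '$pattern'" >&2
           return 1 ;;
    esac
    kill -TERM "$pid" 2>/dev/null || true
    i=0
    while [ "$i" -lt "$timeout" ]; do
        alive "$pid" || return 0          # exited cleanly on SIGTERM
        sleep 1; i=$((i + 1))
    done
    echo "$pid ignored SIGTERM for ${timeout}s, sending SIGKILL" >&2
    kill -KILL "$pid" 2>/dev/null || true
    sleep 1
    if alive "$pid"; then return 1; fi
    return 0
}

# Constructed demo: a throwaway "service" that exits on SIGTERM.
demo() {
    sleep 60 & victim=$!
    graceful_stop "$victim" "sleep 60" && echo "stopped $victim cleanly"
    if graceful_stop "$$" "no-such-service" 2>/dev/null; then
        echo "BUG: should have refused"
    else
        echo "refused to kill a PID whose command line did not match"
    fi
}
```

Run `demo` (or `sh -c '. ./stop.sh; demo'`) to see both paths; in the skill's context the pattern would be the inference server's command line rather than `sleep 60`.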

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The helper generates a shell command that downloads a script from a remote URL with wget and immediately executes it via sh, without any integrity verification, signature check, or user warning. If the remote host, object, DNS, or transport path is compromised, this becomes an arbitrary code execution path on the deployment host; in this skill’s context, that is especially sensitive because the script is intended to run on model deployment infrastructure.
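What "pinning to a specific trusted artifact" looks like in practice, as an added example that is not part of the skill, of the SkillSpector report, or of Huawei Cloud's own deployment scripts (which this page does not reproduce): the `wget … | sh` pattern both findings describe, beside a variant that first writes the script to disk, compares its SHA-256 against a digest recorded when the script was reviewed, and only then runs it. The URL, the pinned digest and the sample script are placeholders; the offline demo uses a local file in place of the download so it runs without network access.

```shell
#!/bin/sh
# Added example: unsafe pipe-to-shell next to a pinned, verified download.
set -e

# Pattern flagged by the findings: whatever the server (or anyone between
# you and it) returns is executed immediately, with no chance to inspect it.
# Defined only for contrast; never called here.
unsafe_fetch_and_run() {
    wget -qO- "$1" | sh
}

# verify_and_run SOURCE EXPECTED_SHA256
# SOURCE is a URL (fetched to disk with wget) or, for offline use, a local
# path. The script is executed only if its SHA-256 equals EXPECTED_SHA256.
# Returns 0 if it matched and ran, 1 on mismatch or fetch failure; the
# script's own exit status is propagated otherwise.
verify_and_run() {
    src="$1"; expected="$2"
    tmp=$(mktemp) || return 1
    if [ -f "$src" ]; then
        cp "$src" "$tmp"            # local file (constructed demo input)
    else
        wget -qO "$tmp" "$src" || { rm -f "$tmp"; return 1; }
    fi
    actual=$(sha256sum "$tmp" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $src: sha256 $actual != pinned $expected" >&2
        rm -f "$tmp"
        return 1
    fi
    rc=0
    sh "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed demo: pin the digest of a known script, then show that a
# modified script served under the same name is refused.
demo() {
    script=$(mktemp)
    printf '%s\n' '#!/bin/sh' 'echo "deploy script ran"' > "$script"
    pinned=$(sha256sum "$script" | cut -d' ' -f1)   # recorded at review time
    verify_and_run "$script" "$pinned" && echo "matched pinned digest"
    printf '%s\n' 'echo "unexpected extra payload"' >> "$script"   # tampering
    if verify_and_run "$script" "$pinned" 2>/dev/null; then
        echo "BUG: tampered script ran"
    else
        echo "tampered script refused"
    fi
    rm -f "$script"
}
```

The pinned digest belongs in the skill (or in version control) next to the URL, so that a change to the bucket object, a DNS hijack or a TLS interception shows up as a refusal rather than as silent execution; rotating the script then means re-reviewing it and updating the digest deliberately.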

VirusTotal

VirusTotal findings are pending for this skill version.
