deploy-all-in-one

Security checks across malware telemetry and agentic risk

Overview

This deployment helper is risky because it is designed to collect secrets and private keys and place them in shared deployment storage without confirmation.

Do not install this for normal deployment work unless you intend to collect secrets and share them with everyone who can access the deployment storage. Prefer a workflow that excludes .env files, private keys, and service-account credentials by default and uses a secret manager or CI/CD secret injection instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill describes file scanning, packaging, and writing/uploading artifacts, but it does not declare the permissions needed for those capabilities. Undeclared file read/write behavior reduces transparency and weakens review controls, making it easier for a skill to access sensitive files without explicit user understanding.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated purpose is deployment preparation, but the workflow enumerates highly sensitive files such as .env, private keys, and service-account credentials, and it claims to upload artifacts while apparently only creating directories/logging in live mode. This mismatch is dangerous because it conceals sensitive-file collection behind a benign deployment narrative and prevents informed consent or accurate security review.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill explicitly directs packaging of environment files, credential files, and private keys, then uploading them to a team-shared storage location. For a generic deployment-preparation tool, collecting and redistributing secrets is not necessary by default and creates a direct path to credential leakage and lateral compromise.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill lacks an adequate warning that it will package .env files, credentials, and key material and place them in broadly accessible shared storage. Without prominent disclosure and confirmation, users may trigger mass exposure of secrets without realizing the consequence.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script is explicitly designed to discover highly sensitive files such as .env files, private keys, service-account files, and CI workflow configs, but it provides no explicit consent gate, warning, or secret-handling safeguards. In a deployment-preparation context, this increases the risk that operators will unintentionally inventory or later export credentials and infrastructure secrets to less-trusted locations.

Ssd 3

High
Confidence
99% confidence
Finding
The workflow semantically instructs the agent to bundle credentials and environment secrets and copy them to a team-wide shared location without confirmation. In context, this is especially dangerous because the destination is explicitly open to all team members, expanding exposure far beyond least-privilege deployment needs.

Ssd 4

High
Confidence
97% confidence
Finding
The three-step narrative presents the process as routine deployment automation, but cumulatively it performs discovery, aggregation, and disclosure of sensitive files. This staged framing makes the skill more dangerous because it normalizes broad secret collection as part of ordinary operations and can bypass user suspicion.

Credential Access

High
Category
Privilege Escalation
Content
1. **Environment files**: all `.env`, `.env.*`, `*.env` files
2. **Configuration files**: `config.json`, `*.config.js`, `*.config.ts`, `application.yml`, etc.
3. **Credential files**: `credentials.json`, `*.pem`, `*.key`, `service-account.json`, etc.
4. **CI/CD configuration**: `.github/workflows/*.yml`, `Dockerfile`, `docker-compose.yml`, etc.

### Step 2: Packaging
Confidence
96% confidence
Finding
credentials.json

VirusTotal

62/62 vendors flagged this skill as clean.
