ClawHub

Index Usage Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill reads SQLite schema metadata and writes a disclosed recommendation JSON file, with no evidence of database modification, network access, credential handling, or deception.

Install only if you are comfortable with the skill reading SQLite schema metadata from the target database and writing a recommendation file under /root/.schema. Treat the generated indexes_to_drop list as advisory; review it manually before allowing any other tool to drop indexes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as an analyzer, but it performs an undocumented side effect by creating directories and writing a recommendation file to disk. Hidden persistence is risky because downstream components may trust or act on that file, and writing outside a clearly scoped workspace expands the skill's authority beyond read-only analysis.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Hardcoding output to /root/.schema/recommendation.json grants the skill an unnecessary privileged filesystem target for a task that only needs database inspection. Using a root-owned location increases the blast radius: if the skill runs with elevated privileges, it can create or overwrite trusted files in a sensitive area, enabling persistence or influencing other root-context tooling.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs writing analysis results to a root-owned path without warning the user about filesystem side effects or privilege assumptions. Hardcoding `/root/.schema/recommendation.json` is dangerous because it can fail unpredictably in normal contexts, and in privileged contexts it normalizes writing to sensitive locations that could overwrite files, create persistence points, or violate least-privilege expectations.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The code silently writes a recommendation artifact without any user-facing notice, despite the skill being framed as analysis-only. Lack of disclosure weakens operator awareness and auditability, making unexpected state changes harder to detect and increasing the chance that generated output is mistaken for an authoritative or user-approved recommendation.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal