Schema Manager

Security checks across malware telemetry and agentic risk

Overview

This database skill can silently change a live schema by writing and executing index-drop migrations, with weak safeguards and behavior that does not fully match its description.

Install only if you are prepared to audit and modify the script first. Do not run it against production or shared databases as-is; require an explicit dry-run, review generated SQL, confirm the target database, and remove automatic DROP INDEX execution unless a human has approved the exact migration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill advertises filesystem capabilities through its behavior but does not declare permissions, which undermines review and consent boundaries. In a schema-management context, undeclared file read/write can be used to inspect migration contents and create new migration files without explicit approval, increasing the risk of unexpected state changes.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 97%
Finding
This is a true vulnerability because the documented behavior materially differs from the described purpose: it generates new migrations, performs destructive index drops based on heuristics, mutates migration-tracking state, and may not execute the validated migrations it claims to apply. In a database schema skill, this mismatch is especially dangerous because users may authorize validation or routine migration application while the skill performs unreviewed destructive schema changes and leaves the database in an inconsistent state.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill advertises that it applies pending schema migrations, but this code only executes them as a validation dry-run and immediately rolls back, so required migrations are never actually installed. In a schema-management context this is dangerous because operators may believe the database is up to date while the tool still performs other schema-changing actions later, creating drift, failed deployments, or application breakage.

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The index-analysis phase performs destructive actions by generating SQL that drops indexes based only on name patterns and then immediately executing it. In a schema-manager skill, this is especially risky because it turns a diagnostic/analysis feature into an unreviewed schema mutation path that can remove performance-critical or constraint-related indexes and cause outages or severe degradation.

Vague Triggers

Medium
Confidence: 77%
Finding
Broad invocation wording without narrow trigger constraints can cause the skill to be selected in situations where destructive database operations are not intended. Because this skill can validate, generate, and apply schema changes, ambiguous routing increases the chance of accidental invocation against the wrong environment or with insufficient operator review.

Missing User Warnings

High
Confidence: 95%
Finding
The markdown describes applying migrations and generating cleanup migrations without warning that these actions can be destructive, especially when dropping indexes based on naming-pattern recognition. In the schema-management context, lack of warning and confirmation is dangerous because index removal and migration execution can degrade performance, break constraints, or cause downtime in production systems.

Missing User Warnings

Medium
Confidence: 98%
Finding
The code writes a new migration file and executes index drops without any user-facing warning, approval, or dry-run boundary at the point of destruction. In this operational context that increases the chance of accidental data-platform disruption, because simply invoking a management script can silently mutate both the database schema and the migration directory.

VirusTotal

64/64 vendors flagged this skill as clean.