Cloudflare

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Cloudflare administration helper with powerful but purpose-matched account and DNS actions.

Install only if you want an agent to manage Cloudflare resources. Use a narrowly scoped Cloudflare API token, prefer read-only scopes for inspection, and explicitly approve every DNS, SSL, tunnel, settings, import, delete, or full-cache-purge action before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill exposes shell-scripted operational capability against a high-impact external service but does not declare any explicit permissions or guardrails beyond prose in the documentation. In practice this can let an agent invoke sensitive DNS, SSL, cache, firewall, and tunnel changes without a machine-enforceable authorization boundary, increasing the chance of unintended destructive or security-affecting actions.

Vague Triggers

Medium
Confidence: 80%
Finding
The invocation description is broad enough to match many general Cloudflare-related requests, including account-management tasks that can materially alter production infrastructure. Because this skill includes write and destructive operations, over-broad triggering increases the risk that an agent selects it in ambiguous situations and performs sensitive actions with an available API token.

Missing User Warnings

Medium
Confidence: 94%
Finding
This command performs irreversible DNS record deletion immediately with no built-in confirmation, dry-run mode, or safety interlock. In an agent context, a mistaken parameter, prompt injection, or user misunderstanding could delete production DNS records and cause outages or traffic misrouting.

Missing User Warnings

Medium
Confidence: 92%
Finding
Tunnel deletion is a destructive account operation that executes without warning or confirmation. If invoked accidentally or through unsafe agent orchestration, it can break private service exposure and disrupt dependent systems.

Missing User Warnings

Medium
Confidence: 95%
Finding
When no URLs are supplied, this function purges the entire zone cache by default without any explicit warning. In an automated agent setting, omitted arguments or malformed tool calls can trigger broad cache invalidation, causing performance degradation and operational disruption.

VirusTotal

66/66 vendors flagged this skill as clean.