
Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate WordPress deployment guide, but it gives an agent broad server-admin authority and handles sensitive access material without enough safety boundaries.

Install only if you intend to let an agent administer a fresh or fully backed-up VPS that you control. Use a temporary SSH key or limited sudo account where possible, verify the SSH port before enabling UFW, review remote downloads before running them, avoid pasting private keys into chat, and treat the AI-crawler/Cloudflare robots.txt change as optional rather than part of normal deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The GEO/AI-crawler section materially expands the skill beyond WordPress deployment into search and AI indexing manipulation, including changing robots behavior and advising users to disable Cloudflare's managed robots protections. That scope creep increases attack surface and can cause users to weaken protective controls for a non-essential feature.

Description-Behavior Mismatch

Severity: Medium
Confidence: 86%
Finding
The skill presents itself as an 'interactive guide' but actually directs extensive privileged server administration, package installation, firewall changes, container deployment, and WordPress modification. This mismatch can mislead users into providing broad authority or secrets without realizing the extent of system changes that will occur.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The skill advertises highly generic natural-language triggers like "help me build a trade website," which can overlap with ordinary user requests and cause unintended activation. Because the skill guides infrastructure deployment and WordPress setup, accidental invocation could lead an agent to initiate sensitive operational steps or steer users into deployment workflows they did not explicitly request.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The README states that the agent will "automatically start" the 9-phase deployment when users say similar phrases, but it does not define precise trigger conditions or require an explicit confirmation gate. In an agent environment, this ambiguity increases the risk of overbroad matching and unintended execution of setup guidance affecting servers, DNS, SSL, or WordPress configuration.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger uses broad phrases plus 'or similar requests,' which can cause the skill to activate for generic website-building tasks outside its intended WordPress trade-site scope. Over-broad triggering is dangerous here because the skill includes high-impact server and site modification steps.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill requests highly sensitive SSH access details, including password or key-based authentication, without an upfront warning about secret handling, scope of access, or safer alternatives. In a skill that performs root-level changes, collecting these credentials is especially risky because compromise would grant full server control.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
This section performs system-altering and potentially disruptive operations such as OS upgrades, firewall changes, swap creation, and package installation, but lacks a clear high-level warning and confirmation checkpoint. In context, these actions can affect existing workloads, network access, or server stability if run on a shared or already-configured host.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill instructs the user to paste a TLS private key into a file without explicitly warning that the private key is highly sensitive and must never be disclosed beyond the target server. Exposure of this key would allow impersonation of the site and undermine HTTPS trust.

VirusTotal

63/63 vendors flagged this skill as clean.
