Infrastructure

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only infrastructure skill with visible, user-run cloud and backup commands that are powerful but aligned with its stated purpose.

Safe to install as reference documentation. Do not copy-run commands blindly: use least-privilege cloud credentials, test backup and restore flows in staging, confirm retention rules before deleting old backups, and avoid running restore commands against live databases or volumes unless you are deliberately performing a recovery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This markdown file contains a script that automatically deletes backups older than 30 days via `aws s3 rm`, which can permanently remove recovery data if retention logic is wrong or requirements change. The surrounding documentation does not warn readers that the example performs irreversible deletion or advise validating retention settings before use.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
aws s3 cp /tmp/backup_$TIMESTAMP.dump $BUCKET/

# Cleanup local
rm /tmp/backup_$TIMESTAMP.dump

# Cleanup old backups (keep 30 days)
aws s3 ls $BUCKET/ | while read -r line; do
Confidence
85% confidence
Finding
rm /tmp/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
olderThan=$(date -d "30 days ago" +%s)
  if [[ $createDate -lt $olderThan ]]; then
    fileName=$(echo $line | awk '{print $4}')
    aws s3 rm $BUCKET/$fileName
  fi
done
```
Confidence
85% confidence
Finding
rm $BUCKET/

Tool Parameter Abuse

Low
Category
Tool Misuse
Content
### Docker Volumes
```bash
# Backup volume to tarball
docker run --rm -v myapp_data:/data -v $(pwd):/backup \
  alpine tar czf /backup/data_backup.tar.gz /data

# Restore
Confidence
15% confidence
Finding
rm -v myapp_data:/

Tool Parameter Abuse

Low
Category
Tool Misuse
Content
alpine tar czf /backup/data_backup.tar.gz /data

# Restore
docker run --rm -v myapp_data:/data -v $(pwd):/backup \
  alpine sh -c "cd /data && tar xzf /backup/data_backup.tar.gz --strip 1"
```
Confidence
15% confidence
Finding
rm -v myapp_data:/

VirusTotal

64/64 vendors flagged this skill as clean.
