Render Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Render deployment helper, but users should be careful because it can create cloud services, push deployment config, and store deployment notes locally.

Install this only if you want an agent to operate your Render deployments. Confirm the repository, branch, Render workspace, service plan, region, git commits or pushes, and environment variables before approving actions. Keep real secrets out of chat, logs, and local memory unless you deliberately choose otherwise, and review ~/render-deploy/ periodically because it can contain useful infrastructure context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill includes a concrete example for setting a sensitive environment variable (`JWT_SECRET`) using a placeholder secret, but it provides no warning about secure secret handling, storage, rotation, or the risk of exposing credentials in prompts, logs, or version-controlled files. In an agent skill that automates deployment, this omission can normalize unsafe operator behavior and lead to real secret leakage during provisioning.

Missing User Warnings

Low
Confidence: 88%
Finding
The template explicitly instructs creation of a persistent file under `~/render-deploy/` without any disclosure to the user that local disk state will be created. While this appears intended for normal agent memory and handoff, undisclosed writes to a user's home directory can surprise users, create privacy concerns, and leave residual operational data on disk.

Missing User Warnings

Low
Confidence: 90%
Finding
These templates direct the agent to create several persistent notes and logs (`deployment-notes.md`, `env-inventory.md`, `incident-log.md`) that may accumulate operational history, repository details, workspace identifiers, and deployment outcomes over time. In a deployment skill, such retained metadata can expose sensitive infrastructure context if the machine, account, or workspace is later accessed by another party.

Missing User Warnings

Medium
Confidence: 95%
Finding
The environment inventory template stores secret-adjacent configuration metadata such as variable names, scope, source, and whether a value is secret. Even without storing the secret values themselves, this creates a map of sensitive controls and deployment architecture that could materially aid an attacker in targeting privileged variables or inferring authentication mechanisms.

Vague Triggers

Medium
Confidence: 87%
Finding
The setup text explicitly asks the operator to clarify whether the skill should activate for every deployment request or only when Render is explicit, meaning the activation boundary is not predefined in the skill itself. In an agentic environment, that ambiguity can cause over-broad invocation on unrelated deployment tasks, increasing the chance of unintended actions, unnecessary access to repository or environment context, and user confusion about when the skill is operating.

VirusTotal

62/62 vendors flagged this skill as clean.