ClawHub

SSL

Security checks across malware telemetry and agentic risk

Overview

This documentation-only SSL skill uses powerful certificate and server commands, but they fit its HTTPS troubleshooting purpose and are not hidden or automatic.

Install if you want SSL/TLS setup and troubleshooting guidance. Run commands only for domains and servers you control, review paths before changing permissions or ownership, and treat private keys or PKCS#12 exports as sensitive secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file includes commands to extract and export a private key from a PKCS#12 bundle, but it provides no warning that the resulting PEM may be unencrypted and highly sensitive. In an SSL/TLS management skill, users are likely to copy these commands directly, which increases the chance of exposing private key material through insecure file permissions, shell history, backups, or accidental sharing.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The troubleshooting guide includes live certificate renewal commands that modify production certificate state without clearly warning the user that these actions are state-changing and may affect active services. In an SSL administration skill this is contextually relevant, but omission of cautionary guidance can still lead to accidental service disruption or unintended certificate replacement during troubleshooting.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide suggests changing permissions on certificate and especially private key files without emphasizing that these files are highly sensitive and that incorrect permissions or ownership can expose key material or break TLS service access. Because private keys protect server identity, unsafe permission guidance in an SSL skill is particularly dangerous even if the author likely intended to help fix access issues.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal