Cmdb Query

Security checks across malware telemetry and agentic risk

Overview

This CMDB lookup skill needs Review because it publishes shared internal credentials and can query highly sensitive records such as private keys and account data.

Only install this if you are authorized to access this internal CMDB and the exposed account has already been rotated or replaced. The skill should remove hardcoded credentials, require user- or vault-supplied scoped credentials, enable proper TLS verification, and block or redact sensitive models such as private keys, bastion access data, account forms, and billing records before general use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The declared purpose says the skill queries CMDB assets by resource type and name, but the content also exposes broader capabilities including authentication with embedded credentials and access patterns beyond the narrow description. This mismatch can mislead users and reviewers about the real access scope, increasing the chance of unauthorized sensitive data retrieval.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill claims to query ordinary CMDB asset data, but the documented labels include highly sensitive categories such as bastion-host data, private keys, and account request/user form resources. In this context, the broad query surface materially expands exposure from inventory lookup to identity and secret-related data access.

Context-Inappropriate Capability

Critical
Confidence
99% confidence
Finding
Including `sshprivatekey` as a queryable CMDB resource is extremely dangerous because it implies the skill can be used to discover or retrieve private keys for bastion-host remote access. In an asset-query skill, access to authentication secrets is far outside reasonable expectations and could directly enable infrastructure compromise.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The documented ability to query account application models and user forms extends the skill into identity/workflow data that may contain personal information, access requests, or approval metadata. That is not reasonably implied by a simple CMDB asset-query description and raises the risk of privacy violations and privilege abuse.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains hardcoded CMDB service credentials and uses them automatically for authentication. Embedding secrets in source code is dangerous because anyone with code access can recover and reuse them, and the risk is amplified here because the credentials grant access to internal CMDB data.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation directly exposes a hardcoded CMDB username and password, which is a clear secret disclosure. Anyone with access to the skill file can authenticate to the internal CMDB service for up to 8 hours per token and potentially enumerate sensitive infrastructure and account-related data.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code silently accesses and transmits embedded credentials to an external CMDB endpoint without any disclosure or consent flow. This is dangerous because it hides privileged network activity from the user and normalizes secret handling that can lead to credential leakage and unauthorized backend access.

VirusTotal

62/62 vendors flagged this skill as clean.
