Lu Auto Deploy

Security checks across malware telemetry and agentic risk

Overview

This Docker deployment helper does what it claims, but its deployment examples are high-impact: they grant containers broad host access and do little to scope that access to what the deployment needs.

Install only if you want an agent to help generate Docker deployment commands. Review every command before running it; avoid broad host mounts; do not expose File Browser or Portainer without strong authentication and network restrictions; and treat any docker.sock mount as host-level Docker control, since anyone who can talk to the socket can start a privileged container with the host filesystem mounted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%

Finding
The trigger keyword list includes very broad terms such as “部署” (“deploy”) and related operational phrases, which can easily match ordinary conversation and cause the skill to activate unexpectedly. Because the skill generates and suggests file writes and deployment commands, accidental activation raises the chance of unintended infrastructure changes or of risky commands being presented to the user.

Vague Triggers

Medium
Confidence: 93%

Finding
The activation conditions define no scope, prerequisites, or exclusions, so the skill boundary is unclear and the skill may be invoked outside the intended Docker deployment context. In a skill that proposes shell commands and compose files, ambiguous routing can expose users to commands they did not explicitly request or understand.

Missing User Warnings

Medium
Confidence: 97%

Finding
The skill provides shell commands and here-doc content that create directories, write docker-compose.yml files, mount host paths, and start containers, but it does not warn users about the risks of file writes, service exposure, privilege implications, or image trust. This is dangerous because users may run the commands verbatim, leading to unintended host data exposure, insecure defaults, or deployment of unreviewed services.
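The review the overview asks for (check every docker.sock mount, broad host mount, exposed management UI) and the warnings this finding says the skill omits (privilege implications, image trust) can be turned into a mechanical pre-flight check. The block below is an added example and is not code from the skill or from the scanner: a small Python audit over a docker-compose.yml that reports docker.sock mounts, mounts of the host root or other sensitive host paths, privileged mode, File Browser or Portainer published on every interface, and unpinned image tags. Both compose samples are constructed for the example, the File Browser version tag is an assumption, and the parser covers only the two-space-indented subset those samples use, not full YAML.

```python
"""Audit a docker-compose.yml for the risk patterns a reviewer should check before running generated
deployment commands. Line-based with no YAML dependency; it handles the 2-space layout used below."""

# Host paths that hand a container the whole host filesystem or a sensitive slice of it.
BROAD_HOST_PATHS = {"/", "/etc", "/root", "/home", "/var", "/usr", "/proc", "/sys", "/dev"}
# Images that serve a management UI; publishing them on every interface needs auth and network limits.
MANAGEMENT_IMAGES = ("portainer", "filebrowser")

def parse_services(text):
    """Minimal parser: each service's scalar keys and list-valued keys, with line numbers."""
    services, name, section, in_services = {}, None, None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()            # drop comments and trailing space
        if not line.strip():
            continue
        indent, s = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:                                  # top-level key: services:, volumes:, ...
            in_services, name = (s == "services:"), None
        elif not in_services:
            continue
        elif indent == 2 and s.endswith(":"):            # service header
            name, section = s[:-1], None
            services[name] = {"scalars": {}, "lists": {}}
        elif name is None:
            continue
        elif indent == 4 and s.endswith(":"):            # list-valued key such as volumes: / ports:
            section = s[:-1]
            services[name]["lists"][section] = []
        elif indent == 4:                                # scalar key such as image: / privileged:
            key, _, value = s.partition(":")
            services[name]["scalars"][key.strip()] = (value.strip().strip("'\""), lineno)
            section = None
        elif indent == 6 and s.startswith("- ") and section:
            services[name]["lists"][section].append((s[2:].strip().strip("'\""), lineno))
    return services

def audit_compose(text):
    """Return (line, service, rule, detail) tuples, one per risky setting found."""
    findings = []
    for name, svc in parse_services(text).items():
        scalars, lists = svc["scalars"], svc["lists"]
        image, img_line = scalars.get("image", ("", 0))
        # The tag is whatever follows the colon in the last path component; none or 'latest' is unpinned.
        if image.split("/")[-1].partition(":")[2] in ("", "latest"):
            findings.append((img_line, name, "unpinned-image", image or "no image given"))
        if scalars.get("privileged", ("",))[0] == "true":
            findings.append((scalars["privileged"][1], name, "privileged", "all capabilities and host devices"))
        for spec, line in lists.get("volumes", []):
            parts = spec.split(":")
            if len(parts) < 2 or not parts[0].startswith(("/", ".", "~")):
                continue                                 # named volume: no host path involved
            host, target = parts[0], parts[1]
            if host.endswith("docker.sock"):             # ':ro' does not help; the API stays writable
                findings.append((line, name, "docker-sock", "Docker API access is root on the host"))
            elif (host.rstrip("/") or "/") in BROAD_HOST_PATHS:
                findings.append((line, name, "broad-host-mount", f"{host} mounted at {target}"))
        for spec, line in lists.get("ports", []):
            parts = spec.split(":")
            # "8080:80" and "0.0.0.0:8080:80" listen on every interface; "127.0.0.1:8080:80" does not.
            host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
            if host_ip == "0.0.0.0" and any(m in image for m in MANAGEMENT_IMAGES):
                findings.append((line, name, "management-ui-exposed", f"{image} published on {spec}"))
    return findings

# Constructed sample: the kind of compose file a deployment helper might hand the user to run verbatim.
RISKY_COMPOSE = """\
services:
  filebrowser:
    image: filebrowser/filebrowser
    volumes:
      - /:/srv
    ports:
      - "8080:80"
  portainer:
    image: portainer/portainer-ce:latest
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    ports:
      - "9000:9000"
volumes:
  portainer_data:
"""

# Constructed hardened counterpart: pinned tag (the version is an assumption), narrow host path, loopback only.
HARDENED_COMPOSE = """\
services:
  filebrowser:
    image: filebrowser/filebrowser:v2.27.0
    volumes:
      - /srv/filebrowser/data:/srv
    ports:
      - "127.0.0.1:8080:80"
"""

if __name__ == "__main__":
    for label, text in (("risky", RISKY_COMPOSE), ("hardened", HARDENED_COMPOSE)):
        print(label, *audit_compose(text), sep="\n  ")
```

Run against the risky sample the audit reports seven findings (unpinned tags on both services, the host root mounted into File Browser, both UIs published on every interface, Portainer running privileged and holding the Docker socket); the hardened sample reports none. Portainer genuinely needs the socket, so for it the docker-sock finding is the accepted risk to document, not a bug to fix; the point is that the reviewer sees it before `docker compose up` rather than after.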

VirusTotal

None of the 64 vendors flagged this skill; all 64 reported it clean.