ClawHub

skytekx

Security checks across malware telemetry and agentic risk

Overview

This appears to be a minimally implemented cloud monitoring helper with broad command-execution permission but no active harmful behavior in the provided evidence.

Install only if you are comfortable giving the skill command-execution capability. Treat it as a placeholder or early version, run it only for explicit cloud monitoring/dashboard tasks, and require confirmation before using it with production credentials or making alert/infrastructure changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The manifest requests the "exec" permission and ships a shell script, which gives the skill the ability to run arbitrary system commands. For a cloud monitoring dashboard skill, that capability is broader than what is justified by the stated read/visualize/optimize purpose, so it increases the risk of command execution, environment inspection, or abuse if the script or downstream inputs are compromised.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation guidance is broad enough that an agent could trigger this skill in many cloud-related situations without clear scoping, approval requirements, or environment constraints. Because the skill has exec permission and exposes operations that may launch dashboards or modify alert rules, overly permissive triggering increases the chance of unintended execution or changes in sensitive infrastructure contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal