集群监控 (Cluster Monitoring; Chinese-language skill)

Security checks across malware telemetry and agentic risk

Overview

This is a real cluster monitoring skill, but it also gives broad administrative remediation instructions without clear approval gates or safe limits.

Install only if you want an agent to help administer the named local Axioma services. Treat it as an operations runbook, not a read-only monitor: require explicit approval before restarts, process termination, SSH tunnel changes, data deletion, or writing incident details to memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The skill is presented as a monitoring/status skill, but it also instructs the operator to perform state-changing remediation such as restarting services, re-establishing tunnels, killing processes, and deleting old data. This broadens the skill from read-only diagnostics into active administration, increasing the chance of unintended service disruption or destructive actions when invoked for a simple status check.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
Including privileged service-management commands like 'sudo systemctl restart' in a cluster-status skill creates a path from passive observation to privileged modification. If an agent or operator follows these instructions automatically or without proper review, critical services could be restarted unexpectedly, causing outages or masking underlying incidents.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
Advising operators to 'delete old data' as a disk-full response is dangerous because it introduces potentially irreversible data loss without specifying safe targets, retention policy, or backup requirements. In the context of a monitoring skill, this is especially risky because users may treat the advice as routine operational guidance rather than a last-resort maintenance action.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The trigger list includes broad phrases and entity names such as 'Ezekiel' and 'Morgana', which can cause the skill to activate in unrelated conversations. Because this skill contains operational and maintenance instructions, accidental invocation increases the chance that system-impacting guidance is surfaced in the wrong context.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The usage table defines ambiguous activation boundaries and allows single-word triggers to launch a skill that includes administrative actions. This makes unintentional activation more likely during ordinary discussion of agent names, creating a pathway to inappropriate troubleshooting or maintenance advice.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill includes restart, tunnel re-establishment, process termination, and cleanup guidance without an explicit warning that these actions can alter system state or cause downtime/data loss. Users may reasonably assume a monitoring skill is read-only, making the hidden operational impact more dangerous in practice.

VirusTotal

64/64 vendors flagged this skill as clean.