ClawHub
Back to skill

Security audit

Qa Test Env Data

Security checks across malware telemetry and agentic risk

Overview

This is a coherent QA test-environment guidance skill with no executable payload, but users should be careful before applying its cleanup, restart, or configuration advice in shared environments.

Install only if you want an agent to help reason about QA test environments and small temporary test data. Before following any advice that restarts services, changes configs, repairs data, or deletes/archive records, confirm the target environment, backup status, affected dataset, and approval path, especially for UAT or production-like data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation criteria are broad enough to trigger on generic environment-related requests, which can cause the agent to apply environment-management guidance in contexts the user did not intend. In a skill that discusses configuration changes, service restarts, data prep, and cleanup, unintended invocation increases the chance of unsafe or destructive recommendations being surfaced without sufficient scoping or confirmation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes cleanup options including deletion, archiving, and automatic cleanup after testing, but it does not require an explicit warning or confirmation before recommending potentially destructive data operations. In an environment-management skill, this is risky because users may apply the guidance to shared test/UAT environments where cleanup can remove needed records, disrupt parallel testing, or cause accidental loss of quasi-production data.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal