ClawHub

VMware Esxi Hardening

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed external API tool for generating VMware ESXi hardening configuration files, with no evidence of hidden code or automatic system changes.

Install only if you are comfortable sending selected hardening options, a timestamp, and a session identifier to the external API provider. Prefer a pseudonymous sessionId, omit userId unless needed, and test generated ESXi hardening files before applying them to production hosts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documentation includes `sessionId`, `userId`, and `timestamp` in request examples and describes them as tracking/audit fields, but provides no privacy notice, retention limits, minimization guidance, or handling constraints. In a security-focused tool, encouraging transmission of persistent identifiers without data-handling disclosures increases the risk of unnecessary user tracking, correlation, and accidental leakage to third-party infrastructure.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The schema collects sessionId and optional userId but provides no indication of purpose, sensitivity, minimization, or handling guarantees. In a security-hardening tool, these identifiers could enable unnecessary tracking, correlation of user activity, or accidental exposure through logs and downstream systems, especially if clients send real session tokens or internal identifiers.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal