
Security audit

KWDB Performance Review

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only performance skill, but it under-discloses and inconsistently scopes its cluster-wide database tuning and schema-changing SQL examples: the manifest limits it to query review, while its templates and examples produce cluster settings and DDL.

Install it only if you want the agent to give DBA-style KWDB tuning advice rather than query review alone. Do not let it apply its SET CLUSTER SETTING, CREATE INDEX, or DROP INDEX output automatically; require a DBA or operator to review impact, rollback, monitoring, and production change controls first.
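The review requirement above can be enforced mechanically rather than left to the agent's own confirmation prompts. The following is an added example, not code from this audit or from the skill: a small gate that splits the agent's SQL output into statements and classifies each by its leading verb, holding anything that is not plain SELECT/SHOW/EXPLAIN for DBA review. The dialect details (CockroachDB-style `SET CLUSTER SETTING` and `EXPLAIN (option)` syntax, which KWDB resembles), the placeholder setting name `example.setting`, the table `readings`, and the sample agent output are all assumptions of the example. One caveat it handles: `EXPLAIN ANALYZE` executes the statement it plans, so it is classified by the inner statement, not as a read.

```python
import re

# Leading verbs that stay inside a query-review scope (read-only).
READ_ONLY_VERBS = {"SELECT", "SHOW", "EXPLAIN"}

# EXPLAIN option words that may precede the explained statement. This is
# CockroachDB-style syntax, which KWDB resembles; treat it as an assumption.
EXPLAIN_OPTIONS = {"ANALYZE", "VERBOSE", "OPT", "DISTSQL", "VEC", "TYPES", "DEBUG", "PLAN"}

# Categories that must be held for DBA/operator review. Order matters:
# "SET CLUSTER SETTING" has to match before the generic session-level "SET".
REVIEW_RULES = (
    ("cluster-setting", re.compile(r"^SET\s+CLUSTER\s+SETTING\b")),
    ("session-setting", re.compile(r"^(?:SET|RESET)\b")),
    ("ddl", re.compile(r"^(?:CREATE|DROP|ALTER|TRUNCATE)\b")),
    ("dml-write", re.compile(r"^(?:INSERT|UPDATE|DELETE|UPSERT|IMPORT)\b")),
)

# Constructed sample of what the skill might emit (example.setting is a placeholder).
AGENT_OUTPUT = """
-- proposed by the agent; the ';' inside this comment must not split anything
EXPLAIN SELECT device, max(value) FROM readings WHERE device = 'd;1' GROUP BY device;
CREATE INDEX ON readings (device, ts);
SET CLUSTER SETTING example.setting = 'value';
EXPLAIN ANALYZE DELETE FROM readings WHERE ts < '2024-01-01';
"""


def strip_comments(sql: str) -> str:
    """Remove -- line comments and /* */ block comments outside single-quoted literals."""
    out, i, n = [], 0, len(sql)
    while i < n:
        c = sql[i]
        if c == "'":
            # Copy a quoted literal verbatim, honouring the '' escape.
            j = i + 1
            while j < n:
                if sql[j] == "'":
                    if j + 1 < n and sql[j + 1] == "'":
                        j += 2
                        continue
                    break
                j += 1
            out.append(sql[i:j + 1])
            i = j + 1
        elif sql.startswith("--", i):
            j = sql.find("\n", i)
            i = n if j == -1 else j
        elif sql.startswith("/*", i):
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(c)
            i += 1
    return "".join(out)


def split_statements(sql: str) -> list:
    """Split on ';' outside single-quoted literals; whitespace-normalise, drop empties."""
    stmts, buf, in_str = [], [], False
    for c in strip_comments(sql):
        if c == "'":
            in_str = not in_str
        if c == ";" and not in_str:
            stmts.append("".join(buf))
            buf = []
        else:
            buf.append(c)
    stmts.append("".join(buf))
    return [" ".join(s.split()) for s in stmts if s.strip()]


def classify(stmt: str) -> str:
    """Return 'read-only', a REVIEW_RULES category, or 'unknown' (also held for review)."""
    s = " ".join(stmt.split()).upper()
    if s.startswith("EXPLAIN"):
        # Plain EXPLAIN only plans; EXPLAIN ANALYZE runs the statement, so the
        # statement being explained decides the category in that case.
        m = re.match(r"^EXPLAIN\s*(?:\(([^)]*)\))?\s*(.*)$", s)
        options = set(re.findall(r"\w+", m.group(1) or ""))
        words = m.group(2).split()
        while words and words[0] in EXPLAIN_OPTIONS:
            options.add(words.pop(0))
        if "ANALYZE" not in options:
            return "read-only"
        return classify(" ".join(words)) if words else "unknown"
    for category, pattern in REVIEW_RULES:
        if pattern.match(s):
            return category
    if s.split(" ", 1)[0] in READ_ONLY_VERBS:
        return "read-only"
    # WITH (which can wrap a write in PostgreSQL-style dialects), BEGIN, GRANT, ...
    return "unknown"


def gate(agent_output: str) -> list:
    """Pair every statement in the agent's output with its category."""
    return [(stmt, classify(stmt)) for stmt in split_statements(agent_output)]


def requires_review(agent_output: str) -> bool:
    """True if anything other than a read-only statement is present."""
    return any(category != "read-only" for _, category in gate(agent_output))


if __name__ == "__main__":
    for stmt, category in gate(AGENT_OUTPUT):
        print(f"{category:16} {stmt}")
    print("hold for review:", requires_review(AGENT_OUTPUT))
```

The gate is deliberately fail-closed: an unrecognised leading verb is held rather than passed, so a new statement form added to the skill's templates cannot slip past it. A prefix classifier is not a parser, so the intended deployment is as a gate on what the agent may run automatically, with the held statements routed to the operator for review together with the rollback and monitoring plan the overview asks for.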

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill's scope declarations conflict with its workflow: it claims configuration/deployment topics are out of scope, but later provides detailed cluster-setting optimization guidance. This can cause unintended activation in higher-risk operational contexts and may lead users or agents to perform sensitive configuration review or propose cluster-level changes outside the intended safety boundary.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The trigger logic says configuration optimization and parameter tuning should activate the skill, while the NOT-for section says deployment/configuration questions should not trigger. This inconsistency can bypass routing expectations and cause the skill to handle operational configuration matters it was supposed to exclude, increasing the chance of unsafe or confusing guidance.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The template instructs the agent to produce cluster-wide configuration tuning recommendations and executable `SET CLUSTER SETTING` commands, which materially expands the skill from SQL query performance review into operational database administration. This scope expansion can cause unsafe or unauthorized changes to memory, compression, compaction, and vacuum settings, increasing the risk of service degradation or policy bypass if the agent is used in contexts where only query analysis was intended.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
This example instructs users to apply cluster-wide configuration changes that alter storage/compression behavior, which is outside the skill's declared scope of query-performance review. In a skill that users may trust for safe EXPLAIN/query tuning, broad operational settings can cause unintended performance regressions, higher CPU cost, or service-wide side effects across unrelated workloads.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
These examples recommend compaction and storage-engine tuning that affects global database behavior rather than individual query plans, exceeding the manifest's stated EXPLAIN/query-optimization purpose. Because the changes are cluster-wide and can increase CPU, IO, memory, or temporary disk usage, a user seeking query advice could be induced to make risky operational modifications without appropriate safeguards.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The example recommends `CREATE INDEX` on a relational table even though the skill metadata explicitly says the skill is not for DDL or schema design. This creates scope drift: users may follow schema-changing guidance from a skill that should be limited to query tuning, potentially causing unauthorized production changes or bypassing intended delegation to a schema-focused skill.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
This file materially expands the skill from SQL query review into cluster-wide operational parameter tuning, including memory, compression, compaction, and vacuum behavior. Even though it includes confirmation prompts and cautions, it equips the agent to recommend sensitive configuration changes outside the declared scope, increasing the chance of unsafe or unauthorized operational guidance.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The guidance instructs how to inspect and influence cluster-wide settings via SHOW CLUSTER SETTING and provides detailed decision trees for changing global database behavior. In the context of a skill advertised as query performance review, this can lead an agent to overreach into privileged administration, potentially causing performance regressions, resource exhaustion, or service instability if followed.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The pseudocode builds SQL by directly interpolating cursor_ts into the WHERE clause using an f-string, which teaches an unsafe pattern that can enable SQL injection if the cursor is attacker-controlled or insufficiently validated. In a performance-review skill, readers are likely to copy this implementation guidance into real applications, so the documentation context increases the practical risk despite being labeled as pseudocode.
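The finding above names the pattern (an f-string splicing `cursor_ts` into the WHERE clause) without showing what it costs. The following is an added example, not the skill's pseudocode and not part of this audit: a reconstruction of keyset pagination in the unsafe form beside a parameterized form that also validates the cursor's shape. SQLite stands in for KWDB, the `readings` table and its rows are constructed sample data, and the ISO-8601 cursor format is an assumption of the example; the attacker-supplied cursor reads the SQLite schema catalogue to make the leak visible.

```python
import re
import sqlite3

# Cursor format the API accepts: an ISO-8601 UTC timestamp (assumption of this example).
CURSOR_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")

# Constructed sample rows standing in for a KWDB time-series table.
SAMPLE_ROWS = [
    ("2024-01-01T00:00:00Z", "dev-1", 1.0),
    ("2024-01-01T00:01:00Z", "dev-1", 2.0),
    ("2024-01-01T00:02:00Z", "dev-2", 3.0),
]

# A cursor an attacker can supply (constructed): closes the literal, appends a UNION
# that reads the schema catalogue, and comments out the rest of the query.
INJECTED_CURSOR = "' UNION SELECT name, sql, 1 FROM sqlite_master --"


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with the sample table; SQLite stands in for KWDB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE readings (ts TEXT, device TEXT, value REAL)")
    conn.executemany("INSERT INTO readings VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def next_page_unsafe(conn: sqlite3.Connection, cursor_ts: str, limit: int = 2) -> list:
    """The pattern the finding describes: cursor_ts spliced into the WHERE clause."""
    sql = (f"SELECT ts, device, value FROM readings "
           f"WHERE ts > '{cursor_ts}' ORDER BY ts LIMIT {limit}")
    return conn.execute(sql).fetchall()


def next_page_safe(conn: sqlite3.Connection, cursor_ts: str, limit: int = 2) -> list:
    """Keyset pagination with the cursor validated and bound as a parameter."""
    if not CURSOR_RE.fullmatch(cursor_ts):
        raise ValueError("malformed cursor")
    if not 1 <= limit <= 1000:
        raise ValueError("limit out of range")
    sql = "SELECT ts, device, value FROM readings WHERE ts > ? ORDER BY ts LIMIT ?"
    return conn.execute(sql, (cursor_ts, limit)).fetchall()


def demo() -> dict:
    """Run both variants against the honest cursor and the injected one."""
    conn = make_db()
    legit = "2024-01-01T00:00:00Z"
    honest = next_page_unsafe(conn, legit)  # behaves as intended on good input
    leaked = next_page_unsafe(conn, INJECTED_CURSOR)  # 3 data rows + 1 catalogue row
    schema_rows = [r for r in leaked if r[0] == "readings"]
    try:
        next_page_safe(conn, INJECTED_CURSOR)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "honest": honest,
        "leaked_schema": schema_rows,
        "safe_rejected": rejected,
        "safe_page": next_page_safe(conn, legit),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Binding the cursor as a parameter is the fix that removes the injection; the format check is a second, cheaper control that also turns a malformed cursor into a clear 4xx instead of an empty page. If the cursor must carry more than a timestamp, issue it as an opaque token the server can verify rather than a value the client is free to edit.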

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The skill explicitly claims it is not for DDL, schema design, deployment, or DML writes, yet it documents `SET CLUSTER SETTING` commands that can change cluster-wide behavior. In an agent setting, this expands the skill from read-only/query-tuning guidance into administrative modification capability, which could cause unauthorized configuration drift, weaker safety limits, or degraded availability if followed automatically.

Missing User Warnings

Severity: Low
Confidence: 67%
Finding
The DROP INDEX example is a destructive schema-change operation presented with only minimal caution, which can encourage unsafe execution in a performance-advice context. If followed without workload validation, it can degrade production performance, break query plans, and cause operational disruption, especially because the skill metadata says DDL is out of scope.

VirusTotal

63/63 vendors flagged this skill as clean.
