ClawHub

Cloud Architect

Security checks across malware telemetry and agentic risk

Overview

This is a cloud architecture reference skill with markdown-only guidance; some examples could affect cloud resources if copied directly, but the behavior is disclosed and purpose-aligned.

Install as reference material, not as an automation tool. Before applying any suggested cloud command, lifecycle policy, purchase, deletion, or termination step, confirm the target account, production impact, retention obligations, backups, rollback path, and owner approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes very broad terms such as 'AWS', 'Azure', 'GCP', and 'Google Cloud', which can cause this skill to activate for many generic cloud-related prompts rather than only for explicit architecture-design tasks. In an agent system, over-broad routing can misapply this skill, crowd out more appropriate specialized skills, and increase the chance of unsafe or irrelevant architectural guidance being injected into unrelated workflows.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The checklist recommends actions such as deleting volumes, snapshots, AMIs, and other resources purely as quick cost wins without adjacent warnings about data retention, dependency checks, backup validation, or service disruption. In a cloud architecture skill, users may treat these as approved operational guidance and execute destructive actions that cause irreversible data loss or outages.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal