ClawHub

5GC Automation

Security checks across malware telemetry and agentic risk

Overview

This is a real 5GC dashboard automation skill, but it ships shared login credentials, stores reusable sessions, and can make live configuration changes without strong safety controls.

Install only in a controlled lab or trusted internal environment. Rotate the exposed dotouch credentials, replace hard-coded secrets with per-user or vault-provided credentials, protect or disable .sessions caching, and add confirmation/dry-run and rollback procedures before running this against any shared or production 5GC dashboard.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (27)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script contains fixed login credentials and automatically reuses authenticated browser session state from disk, allowing anyone with access to the script or session files to authenticate to the target 5GC web interface. In this skill context, the script is designed to make real AMF configuration changes on a management plane, so unauthorized reuse of those credentials or cookies could directly enable administrative actions against telecom infrastructure.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script embeds a real username and password directly in code and uses them to perform authenticated changes against a live management interface. In a skill meant for UI automation of 5GC/PCF administration, this is especially dangerous because anyone with access to the script can reuse the credentials to log in and make privileged configuration changes well beyond the immediate automation task.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script hardcodes working login credentials directly in source code and then uses them automatically to authenticate to a production-like management interface. This is dangerous because anyone with access to the skill can reuse the credentials to access the 5GC web system, and the skill’s purpose is administrative configuration, so compromise directly enables unauthorized changes.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The script’s header suggests a narrow add-PCF/PCRF automation task, but the implementation also performs authentication and writes reusable authenticated session cookies to disk. This expands the trust and attack surface beyond what a user might reasonably expect, and those persisted cookies could be reused by other local users, malware, or later tooling to access the platform without re-authentication.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script embeds usable login credentials directly in code and then uses them to authenticate to a live 5GC management interface. Hardcoded credentials are highly dangerous because anyone with access to the skill can recover and reuse them, enabling unauthorized administrative access and downstream modification of telecom core configuration.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script hardcodes working login credentials directly in the automation logic, which exposes secrets to anyone with access to the skill source and enables unauthorized access to the 5GC management interface. In this context, the credentials are especially sensitive because the script performs authenticated configuration changes on core network policy objects, so compromise can lead to broad administrative misuse.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script contains hardcoded credentials and uses them to authenticate to a live 5GC web management interface. Embedding reusable admin or operator credentials in code is dangerous because anyone with access to the skill can recover them and gain unauthorized access to sensitive network configuration functions.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script hardcodes usable credentials and automatically logs into a live internal web application before performing administrative actions. This creates credential exposure risk in source control, enables unauthorized reuse by anyone with code access, and expands the skill’s capability beyond simple TC template input into privileged authenticated access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documented bulk-edit behavior and auto-delete/rebuild workflow can modify or remove configuration at scale without prominent warning, dry-run support, or rollback guidance. In a 5GC control-plane environment, this raises the risk of mass misconfiguration, service disruption, and unintended policy replacement affecting many subscribers or network elements at once.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Publishing default login credentials and documenting reusable local session caches without security warnings is dangerous because it normalizes insecure authentication practices and increases the likelihood of credential theft or session hijacking. In this context, the target is a 5GC management dashboard, so compromise could permit broad administrative changes to core network configuration.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The wrapper invokes a child process with shell execution enabled while forwarding user-influenced arguments. Even though spawn is used, shell:true causes the command to be executed through a system shell, which can enable command injection or argument reinterpretation if crafted input reaches shell metacharacter handling; in this skill context, successful exploitation could lead to arbitrary command execution on the host running 5GC automation, not just misconfiguration.

Missing User Warnings

High
Confidence
99% confidence
Finding
Hardcoded credentials in code are a direct secret exposure: they can be leaked through source control, logs, packaging, or reuse across environments. Because this script logs into a network management UI and then performs configuration changes, compromise of these credentials could provide administrative access to sensitive 5GC components.

Missing User Warnings

High
Confidence
96% confidence
Finding
The script writes Playwright storage state to disk, which commonly includes authenticated cookies and other tokens sufficient to resume a logged-in session. If another local user, process, or backup system accesses that file, they may be able to impersonate the operator and perform administrative actions without knowing the password.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script automatically submits AMF configuration changes to a remote management interface without an explicit confirmation step or strong validation of the target environment. In an infrastructure-management skill, this increases the risk of accidental or misdirected changes, especially since the target URL can be overridden and the script accepts user-supplied parameters that are applied directly to the live UI.

Missing User Warnings

High
Confidence
100% confidence
Finding
Hard-coded credentials without warning or user consent expose privileged access material to any reader, runner, or downstream log/archive of the skill. Because this automation targets a telecom core management plane and modifies policy objects, credential disclosure can lead to unauthorized access, policy tampering, service disruption, and lateral administrative misuse.

Missing User Warnings

High
Confidence
95% confidence
Finding
The script automatically deletes an existing PCC rule with the same identifier before recreating it, and it even auto-confirms the deletion dialog. In a policy-management skill for PCF/5GC systems, this is dangerous because a mistaken ID, reused default name, or malicious invocation can silently remove active policy configuration and cause service-impacting policy changes.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script hardcodes a username and password directly in source, exposing reusable credentials to anyone with access to the skill package or repository. In this context, the credentials are used to log into a 5GC management interface and then perform administrative state changes, so disclosure could enable unauthorized access and configuration tampering.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script persists authenticated session cookies to a local JSON file under .sessions without any access controls, encryption, or explicit user disclosure. If another local user, process, or backup system can read that file, they may be able to hijack the authenticated web session and access the management UI without knowing the password.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script performs a state-changing submit action that adds or modifies PCC configuration without any confirmation, dry-run mode, or explicit operator acknowledgment. In a 5GC policy-management context, accidental or scripted misuse can push unintended network policy changes that affect subscriber traffic handling, QoS, or charging behavior.

Missing User Warnings

High
Confidence
99% confidence
Finding
The embedded credentials are automatically consumed by the script to log into the target system, with no user disclosure, secret isolation, or secure handling. Because this skill automates privileged administrative actions against a 5GC management UI, exposed credentials materially increase the risk of unauthorized access and follow-on configuration tampering.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script contains hardcoded credentials and then persists authenticated session cookies to disk, creating two separate credential exposures. Anyone with access to the source or the session file can potentially authenticate to the management platform and perform privileged actions, which is especially risky in an infrastructure-management skill that automates changes to 5GC components.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code hardcodes an email/password pair without warning the operator or prompting for consent, which creates a direct secret exposure and encourages silent privileged access. In the context of a network-management automation skill, this can be exploited to access sensitive administrative functions beyond the intended QoS workflow.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs authenticated remote state-changing actions—creating QoS templates in a 5GC web console—immediately after parsing arguments, with no confirmation gate, dry-run mode, or warning about live changes. In infrastructure automation, this increases the risk of accidental or unauthorized changes, especially when combined with embedded credentials and a fixed target URL.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script submits a state-changing request that creates a UE Smpolicy entry without any explicit confirmation, dry-run mode, or warning to the operator. Because this skill targets a live 5GC policy management UI, accidental execution can silently alter network policy data and cause operational or service-impacting misconfiguration.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script uses embedded credentials automatically and does not disclose to the operator that privileged authentication material is being consumed. This is dangerous because it hides security-sensitive behavior and can cause users to run the skill under the false assumption that it is unauthenticated, while actually granting administrative access to a telecom management system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal