Canary Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill is meant for risky infrastructure changes, but its rollback safety is overstated and the restore path can perform privileged overwrites from local backup metadata.

Review the script before installing it on production or remote-only systems. Use it only with a separate, already-working access path (for example an open second SSH session or an out-of-band console), explicit --backup files, and manual verification of what will be restored; the canary-test.sh baseline is not a recovery backup on its own.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: High (99% confidence)
Finding:
The script advertises rollback capability for critical system changes, but it never creates the backups that rollback depends on. In this context, operators may rely on a safety mechanism that does not exist, which can turn a failed SSH, firewall, or network change into a lockout or outage with no automated recovery path.

Intent-Code Divergence

Severity: High (98% confidence)
Finding:
The inline documentation reinforces a false assurance that rollback will restore backed-up configuration files, but the code never populates the backup directory. Because this skill is specifically meant for risky infrastructure modifications, misleading safety documentation materially increases the chance of unsafe operator behavior and failed recovery.

Missing User Warnings

Severity: Medium (91% confidence)
Finding:
The rollback path performs privileged overwrites of system configuration files with no operator confirmation, no validation of the destination path, and no other safety checks. If the backup directory contents or the .path metadata that names each restore destination are corrupted, stale, or attacker-controlled, the rollback can overwrite arbitrary root-owned files and break or subvert the host configuration.
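The three findings describe two halves of one defect: a backup that is never written, and a restore that trusts whatever it finds in the backup directory. The following shell functions are an added example, not code from the Canary Deploy skill or from the scan, showing what the missing pieces look like: the backup step verifies the copy on disk before the risky change is allowed to proceed, and the restore step validates the .path metadata (absolute, no traversal, on an allowlist, not a symlink) and asks for confirmation before it writes anything. The `<name>.bak` plus `<name>.path` layout, the allowlist contents, the CANARY_ROOT scratch-tree prefix and all function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not code from the Canary Deploy skill): a backup/restore pair
# that (1) really writes and verifies the backup before the risky change and
# (2) validates .path metadata before restoring, so rollback cannot become an
# arbitrary file overwrite. Allowlist, names and CANARY_ROOT are assumptions.
set -u

# Absolute paths the rollback may write. CANARY_ROOT (default empty) is
# prefixed so the functions can be exercised against a scratch tree.
CANARY_ALLOWLIST='/etc/ssh/sshd_config /etc/nftables.conf /etc/network/interfaces'

# canary_name <path>: backup file stem derived from the target path.
canary_name() { printf '%s' "$1" | tr '/' '_'; }

# canary_backup <target> <backup_dir>
# Fails, and so must block the change, unless the copy is verified on disk.
canary_backup() {
  target=$1; bdir=$2; name=$(canary_name "$1")
  [ -f "$target" ] || { echo "backup: $target is not a regular file" >&2; return 1; }
  mkdir -p -- "$bdir" || return 1
  cp -p -- "$target" "$bdir/$name.bak" || return 1
  printf '%s\n' "$target" > "$bdir/$name.path" || return 1
  cmp -s -- "$target" "$bdir/$name.bak"
}

# canary_check_path <path>: restore destinations must be absolute, free of
# '..', and on the allowlist; metadata pointing anywhere else is refused.
canary_check_path() {
  p=$1
  case $p in
    /*) ;;
    *)  echo "restore: path not absolute: $p" >&2; return 1 ;;
  esac
  case $p in
    *..*) echo "restore: path traversal in metadata: $p" >&2; return 1 ;;
  esac
  for allowed in $CANARY_ALLOWLIST; do
    [ "$p" = "${CANARY_ROOT:-}$allowed" ] && return 0
  done
  echo "restore: $p is not an allowlisted target" >&2
  return 1
}

# canary_restore <backup_dir>
# Two passes: validate every backup and its destination first, then write.
# An empty directory is an error, not a silent no-op rollback.
canary_restore() {
  bdir=$1
  set -- "$bdir"/*.bak
  [ -f "$1" ] || { echo "restore: nothing to roll back in $bdir" >&2; return 1; }
  for bak in "$@"; do
    meta=${bak%.bak}.path
    if [ ! -f "$bak" ] || [ -L "$bak" ]; then
      echo "restore: $bak is not a regular file" >&2; return 1
    fi
    [ -f "$meta" ] || { echo "restore: missing metadata $meta" >&2; return 1; }
    dest=$(head -n 1 "$meta")   # only the first line is honoured
    canary_check_path "$dest" || return 1
    if [ -L "$dest" ]; then
      echo "restore: $dest is a symlink, refusing" >&2; return 1
    fi
  done
  if [ -z "${CANARY_ASSUME_YES:-}" ] && [ -t 0 ]; then
    printf 'Restore %s file(s) from %s? [y/N] ' "$#" "$bdir"
    read -r ans
    [ "$ans" = y ] || { echo "restore: aborted by operator" >&2; return 1; }
  fi
  for bak in "$@"; do
    dest=$(head -n 1 "${bak%.bak}.path")
    cp -p -- "$bak" "$dest" || return 1
  done
}

# canary_demo: run the whole flow in a scratch tree; returns 0 only if a good
# rollback succeeds and tampered .path metadata is refused without a write.
canary_demo() {
  root=$(mktemp -d) || return 1
  CANARY_ROOT=$root; CANARY_ASSUME_YES=1
  cfg=$root/etc/ssh/sshd_config; bdir=$root/backup
  mkdir -p "$root/etc/ssh"
  printf 'PermitRootLogin no\n' > "$cfg"
  canary_backup "$cfg" "$bdir" || return 1
  printf 'PermitRootLogin yes\n' > "$cfg"            # the risky change
  canary_restore "$bdir" || return 1
  grep -q '^PermitRootLogin no$' "$cfg" || return 1   # rolled back
  # Tampered metadata: point the backup at a file outside the allowlist.
  printf '%s\n' "$root/etc/shadow" > "$bdir/$(canary_name "$cfg").path"
  if canary_restore "$bdir" 2>/dev/null; then return 1; fi
  [ ! -e "$root/etc/shadow" ] || return 1             # nothing was written
  rm -rf -- "$root"
}

canary_demo && echo "canary demo: rollback verified, tampered metadata refused"
```

The point of the two-pass restore is that a single bad entry aborts the whole rollback before any file is touched, rather than leaving the host half-restored. Set CANARY_ASSUME_YES=1 only in automation that has already been reviewed; interactive use should keep the prompt.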

VirusTotal

64/64 vendors report this skill as clean (no detections). A clean antivirus verdict does not address the logic and safety issues in the findings above; those are not malware signatures.
