Db Explorer

Security checks across malware telemetry and agentic risk

Overview

This database skill is mostly legitimate, but it includes high-impact restore, import, migration, and export commands without consistently strong safeguards.

Install only if you are comfortable giving an agent database access. Use a read-only database account by default, avoid production credentials where possible, confirm every write/restore/import command manually, choose secure export paths, and delete exported files or backups containing sensitive data when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch
Severity: High
Confidence: 94%
Finding: The skill is presented as a database exploration tool, but it also includes restore, backup, and migration commands that can overwrite or import data. In an agent setting, this broadens the operational scope from read-only inspection to destructive or state-changing administration, increasing the chance that the agent performs unsafe actions under an exploration-oriented invocation.

Intent-Code Divergence
Severity: Medium
Confidence: 96%
Finding: The safety section promises read-only defaults and confirmation before writes, but later examples include direct restore/import operations with no confirmation or rollback safeguards. This inconsistency is dangerous because an agent may follow the concrete executable examples rather than the earlier policy text, leading to accidental data loss or unauthorized modification.

Vague Triggers
Severity: Medium
Confidence: 82%
Finding: The activation cues include broad phrases like "checking the database" or "showing data", which may cause the skill to trigger in contexts where the user did not clearly authorize database access. Because this skill can expose schema contents, query live data, and includes admin operations elsewhere, over-broad activation raises the risk of inappropriate access or sensitive data disclosure.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The export instructions write query results to local files without warning that those files may contain sensitive production data or persist beyond the session. In agent workflows, silent file creation can leak secrets, PII, or regulated data into insecure locations like /tmp or workspace artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.