Db Explorer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed database helper skill with real operational risk, but the artifacts do not show hidden behavior, automatic execution, exfiltration, or deception.

Install only if you want an agent to help with database CLI workflows. Use read-only or least-privilege credentials, avoid production admin access when possible, review every generated query or command before execution, keep exports limited and stored in access-controlled paths, and treat restore/import/migration commands as manual admin actions requiring explicit approval and verified backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium, 92% confidence
Finding: The skill is presented as a database exploration/query/export tool, but it also includes backup, restore, and migration commands that can modify or overwrite production data. That scope expansion is dangerous because an agent may invoke destructive administrative operations under a seemingly read-oriented skill name, increasing the chance of accidental misuse.

Intent-Code Divergence

High, 97% confidence
Finding: The file promises read-only-by-default behavior and confirmation for writes, but later provides direct restore and import commands that perform writes immediately. This contradiction is dangerous because downstream agents or users may rely on the stated safety policy while executing undocumented exceptions that can alter or destroy data.

Vague Triggers

Medium, 79% confidence
Finding: The activation phrases are broad enough to match common requests like 'check the database' or 'show me the data', which can cause the skill to trigger in contexts where the user did not intend direct database access. In a skill that contains write, backup, restore, and export guidance, overbroad invocation increases the chance of unnecessary credential handling, data exposure, or escalation into risky operations.

Missing User Warnings

Medium, 88% confidence
Finding: The export examples create files in /tmp and can extract entire tables, but they do not clearly warn about sensitive data landing on disk, file overwrites, retention, or access by other local users/processes. In database contexts, exports often contain regulated or confidential records, so omitting user-impact warnings materially increases data leakage risk.

VirusTotal

65/65 vendors flagged this skill as clean.