Db Explorer

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate database helper, but it includes high-impact restore, import, migration, and dump workflows without enough scoping or safeguards for an exploration-focused skill.

Install only if you want the agent to have database-administration guidance as well as read-only exploration help. Before any export, backup, restore, import, migration, or write, require the exact command, confirm the target database and environment, choose a protected destination path, and avoid production unless explicitly intended.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The skill is presented as a database exploration/query tool, but it also documents restore and migration workflows that can overwrite data or copy data between systems. In an agent context, that scope expansion is dangerous because users or downstream planners may invoke destructive administrative commands under the assumption that the skill is primarily read-only and exploratory.

Intent-Code Divergence

Medium (97% confidence)
Finding
The skill states 'ALWAYS' read-only-by-default rules, but later provides restore/import commands without repeating or enforcing confirmation requirements. This inconsistency can cause an agent to treat the examples as approved operational steps and execute state-changing commands without the explicit user confirmation the safety section promises.

Context-Inappropriate Capability

Low (79% confidence)
Finding
Including backup capability verification as a routine post-connection step expands the skill from exploration into administrative operations. Even when a backup is nominally read-oriented, testing dump capability can create local files containing sensitive data and normalize privileged actions that are unnecessary for ordinary schema inspection or querying.

Vague Triggers

Medium (86% confidence)
Finding
The activation phrases are broad enough that the skill may trigger on vague requests like 'check the database' or mentions of a connection string, even when the user did not intend direct database access. In an autonomous or semi-autonomous agent system, overbroad activation increases the chance of unnecessary credential use, data exposure, or accidental execution of sensitive database commands.

Missing User Warnings

Medium (94% confidence)
Finding
The export, backup, restore, and migration sections provide executable commands that write files or modify databases, but they lack prominent warnings and operational safeguards at the point of use. In practice this makes accidental data exfiltration, overwrites, or cross-environment copying more likely, especially because the skill otherwise emphasizes convenience and exploration.

VirusTotal

VirusTotal findings are pending for this skill version.
