Clawhub

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides paid VPS provisioning and management, but users should be careful with spending approvals and SSH/private-key handling.

Install only if you intend to let the agent provision and manage paid cloud servers. Require explicit approval before any payment, lease extension, add-on, root exec action, or destroy operation, keep wallet and API keys tightly scoped, and prefer supplying your own SSH public key over receiving a generated private key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly enables provisioning, extending, and destroying paid infrastructure, but it does not prominently require user confirmation before billable or destructive actions. In an agent setting, this creates a real risk of unintended spending or teardown if the model acts autonomously on ambiguous prompts.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation offers a mode where a private SSH key is returned once, but it does not include a strong warning about secret handling, storage minimization, log redaction, or avoiding display back to the user unnecessarily. In agent workflows, such material can be leaked through logs, transcripts, memory, or downstream tools, leading to full root compromise of the provisioned server.

VirusTotal

63/63 vendors reported this skill as clean.
