Ambari API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Ambari cluster-management skill, but it handles powerful cluster credentials and disruptive service actions with weak safeguards.

Install only if you are comfortable with a local script storing Ambari passwords in plaintext under the skill directory and making authenticated changes to Hadoop services. Use a least-privilege Ambari account, avoid production credentials in examples or shell history, restrict config file permissions, consider replacing plaintext storage with a secret manager, and review the TLS verification default before using it on any real cluster.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs file read/write and network operations but does not declare permissions, which weakens transparency and informed consent for a tool that stores credentials and sends authenticated requests to cluster infrastructure. In this context, the hidden capability set is meaningful because the documented workflow includes local config storage and remote administrative actions against Ambari-managed services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior exceeds the stated purpose and includes especially sensitive functionality: local storage of Ambari usernames and passwords, host/component enumeration, and broader cluster management operations. The plaintext credential storage aspect materially increases risk because compromise of the local environment exposes reusable infrastructure credentials, while the mismatch makes users less likely to anticipate that exposure.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The examples embed plaintext Ambari credentials, including what are labeled as development and production passwords, directly in documentation and command lines. This encourages insecure secret handling, risks accidental credential reuse in real environments, and exposes secrets through shell history, screenshots, logs, and source control.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The troubleshooting guidance explicitly recommends trying the default Ambari credentials `admin/admin`, which normalizes insecure authentication behavior and may prompt unauthorized access attempts against systems that were never properly hardened. In a cluster-management skill, this is more dangerous because the target system is an administrative control plane; if defaults remain enabled, an attacker could gain broad operational control over Hadoop services and data workflows.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger language is broad enough to activate on generic cluster or Hadoop-related requests, increasing the chance the skill is invoked in situations where users did not intend live administrative actions. Because this skill can manage production-style infrastructure, overbroad activation raises the risk of unintended disclosure, credential prompts, or destructive service operations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation presents START/STOP/RESTART service actions as routine examples without warning that these are disruptive administrative operations that can cause outages or data-processing interruption. In a cluster-management skill, omission of safety guidance is dangerous because users may execute commands against production services with insufficient understanding of operational impact.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Host component stop actions can degrade replication, availability, and cluster stability, yet the documentation shows these commands without cautionary language or operational prerequisites. This is especially risky in Hadoop environments where stopping a single component such as a DataNode can affect resilience and service health beyond the target host.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to add and store Ambari credentials but provides no warning about credential sensitivity, storage location, or protection expectations. Given the associated finding that credentials are stored locally in plaintext, this omission materially increases the chance of accidental exposure of privileged cluster administrator credentials.

Missing User Warnings

High
Confidence
99% confidence
Finding
The examples normalize passing credentials in plaintext without any warning about secure handling. In practice, command-line secrets are often exposed via process listings, shell history, CI logs, shared terminals, and copied documentation, making credential compromise likely in operational use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The operational examples show stop, start, and restart actions against a production configuration and production services with no warnings, safeguards, or change-control guidance. This can lead users to execute disruptive actions in live clusters, causing avoidable downtime, data-processing interruption, or service instability.
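The three findings above (unwarned START/STOP/RESTART, host component stops, and production actions without change control) describe the missing guardrail rather than show it. The following is an added example, not the skill's own code, of how a client can gate disruptive Ambari service actions: the caller must confirm anything that stops a service, and a profile tagged `prod` additionally needs a change-control reference. The `environment` tag and the `plan`/`send` split are conventions of this example; the request shape is the Ambari v1 REST call for service state (`PUT .../services/<service>` with `ServiceInfo.state` set to `STARTED` or `INSTALLED`, where `INSTALLED` means stopped) and should be checked against your Ambari version. RESTART is expressed here as an explicit STOP followed by START rather than Ambari's dedicated restart command, so that both disruptive steps are visible in the plan.

```python
"""Guarded Ambari service actions (added example, not the skill's code)."""
import json
import ssl
import urllib.request
from typing import Dict, List

# Ambari service states: STARTED = running, INSTALLED = stopped.
_STATE = {"START": "STARTED", "STOP": "INSTALLED"}


def plan_service_action(base_url: str, cluster: str, service: str, action: str,
                        environment: str, confirm: bool = False,
                        change_ticket: str = "") -> List[Dict]:
    """Build (but do not send) the Ambari requests for START/STOP/RESTART.

    environment is an assumed per-profile tag ("dev"/"prod") of this example.
    """
    action = action.upper()
    if action not in ("START", "STOP", "RESTART"):
        raise ValueError(f"unsupported action {action!r}")
    # Stopping a service (or a component such as a DataNode) can degrade
    # replication and availability beyond the target; demand explicit intent.
    if action in ("STOP", "RESTART") and not confirm:
        raise RuntimeError(f"{action} {service} on {cluster} is disruptive; pass confirm=True")
    # Production changes require a change-control reference, not just a flag.
    if environment == "prod" and not change_ticket:
        raise RuntimeError(f"{cluster} is tagged prod; a change_ticket is required")
    steps = ["STOP", "START"] if action == "RESTART" else [action]
    plan = []
    for step in steps:
        plan.append({
            "method": "PUT",
            "url": f"{base_url.rstrip('/')}/api/v1/clusters/{cluster}/services/{service}",
            # Ambari rejects state-changing requests without X-Requested-By.
            "headers": {"X-Requested-By": "ambari", "Content-Type": "application/json"},
            "body": json.dumps({
                "RequestInfo": {"context": f"{step} {service} via skill {change_ticket}".strip()},
                "Body": {"ServiceInfo": {"state": _STATE[step]}},
            }),
        })
    return plan


def send_plan(plan: List[Dict], auth_headers: Dict[str, str],
              ctx: ssl.SSLContext) -> List[Dict]:
    """Execute a reviewed plan in order; auth_headers carries HTTP Basic auth."""
    results = []
    for r in plan:
        req = urllib.request.Request(r["url"], data=r["body"].encode(), method=r["method"],
                                     headers={**r["headers"], **auth_headers})
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            # Ambari answers 202 with a Requests/id for queued work, or an empty
            # body when the service is already in the requested state.
            results.append(json.loads(resp.read() or b"{}"))
    return results


if __name__ == "__main__":
    # Dry run: print what a production restart would do without sending it.
    for step in plan_service_action("https://ambari.example:8443", "prod-hdp", "HDFS",
                                    "restart", environment="prod", confirm=True,
                                    change_ticket="CHG-1234"):
        print(step["method"], step["url"], step["body"])
```

Because `plan_service_action` never talks to the cluster, the plan can be printed for review or logged alongside the ticket before `send_plan` runs, which is the change-control step the findings say the documentation omits.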

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Suggesting default credentials without a security warning is unsafe because it encourages credential guessing and can be interpreted as endorsed practice by operators. Given this skill manages Ambari, successful use of a default admin account could expose cluster-wide management functions, enabling service disruption, configuration changes, and potential access to sensitive data paths.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill stores Ambari usernames and passwords in a local JSON config file under the user's home directory without any permission hardening, encryption, or warning. On multi-user systems or systems with lax filesystem permissions, this can expose administrative cluster credentials and enable unauthorized control of Hadoop services.
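The credential findings above (plaintext passwords in a home-directory JSON file, credentials on the command line, no permission hardening, and the overview's note about the TLS verification default) all point at the same fix. The following is an added example of a hardened loader, not the skill's code: the config file holds only the URL, username and TLS setting, the password comes from an environment variable or an interactive prompt so it never lands in argv or shell history, the file is refused unless it is owner-only (mode 0600), and TLS verification is on unless the profile disables it, in which case a warning is emitted. The config layout, the profile names and the `AMBARI_PASSWORD` variable are assumptions of this example; HTTP Basic auth and the `X-Requested-By` header are what Ambari's REST API actually uses.

```python
"""Hardened credential handling for an Ambari client (added example).

Assumed config layout (not the skill's real schema):
  {"profiles": {"dev": {"url": "https://ambari.dev.example:8443",
                        "username": "ambari-ro", "verify_tls": true}}}
The password is deliberately not stored in the file.
"""
import base64
import json
import os
import ssl
import stat
import warnings
from dataclasses import dataclass
from typing import Dict, Mapping


@dataclass
class AmbariCredentials:
    url: str
    username: str
    password: str
    verify_tls: bool

    def auth_header(self) -> Dict[str, str]:
        # Ambari uses HTTP Basic; X-Requested-By is required for PUT/POST/DELETE.
        token = base64.b64encode(f"{self.username}:{self.password}".encode()).decode()
        return {"Authorization": f"Basic {token}", "X-Requested-By": "ambari"}

    def ssl_context(self) -> ssl.SSLContext:
        ctx = ssl.create_default_context()  # verifies cert chain and hostname
        if not self.verify_tls:
            warnings.warn("TLS verification disabled: Basic-auth credentials can be intercepted")
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        return ctx


def write_config_secure(path: str, config: dict) -> None:
    """Create or overwrite the config with owner-only permissions."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(config, f)
    os.chmod(path, 0o600)  # the O_CREAT mode is subject to umask; enforce explicitly


def load_credentials(path: str, profile: str,
                     env: Mapping[str, str] = os.environ) -> AmbariCredentials:
    """Load a profile, refusing unsafe file modes and file-stored passwords."""
    if os.name == "posix":  # POSIX mode bits; meaningless on Windows ACLs
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            raise PermissionError(
                f"{path} is group/world accessible (mode {mode:04o}); chmod 600 it")
    with open(path) as f:
        config = json.load(f)
    p = config["profiles"][profile]
    if "password" in p:
        raise ValueError("password stored in config file; move it to "
                         "AMBARI_PASSWORD or a secret manager")
    password = env.get("AMBARI_PASSWORD")
    if password is None:
        import getpass  # prompt keeps the secret out of argv and shell history
        password = getpass.getpass(f"Ambari password for {p['username']}@{p['url']}: ")
    return AmbariCredentials(url=p["url"].rstrip("/"), username=p["username"],
                             password=password, verify_tls=bool(p.get("verify_tls", True)))


if __name__ == "__main__":
    cfg = os.path.expanduser("~/.ambari-skill.json")  # assumed location
    write_config_secure(cfg, {"profiles": {"dev": {
        "url": "https://ambari.dev.example:8443", "username": "ambari-ro"}}})
    creds = load_credentials(cfg, "dev")
    print(creds.url, sorted(creds.auth_header()))
```

A secret manager can replace the `AMBARI_PASSWORD` lookup without changing anything else; the important property is that the reusable cluster password is never written next to the URL it unlocks and never appears on a command line.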

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
urllib3>=1.26.0
Confidence
92% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
urllib3>=1.26.0
Confidence
92% confidence
Finding
urllib3>=1.26.0
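Both findings quote a floor-only specifier (`>=`), which accepts every future release of the package, including a compromised one. As an added example, not part of the scanner or the skill, the following checker classifies requirement lines into unpinned, floor-only, pinned and pinned-with-hash; the two input lines are the skill's requirements as quoted above, the third is a constructed pinned line with a placeholder hash.

```python
"""Classify requirement specifiers for pinning strength (added example)."""
import re
from typing import Dict, List

# PEP 508 subset: name, optional extras, optional version specifier.
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*([<>=!~]=?[^;#]*)?")


def classify_requirement(line: str) -> str:
    """Return pinned+hash / pinned / floor-only / unpinned / skip / unparsed."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):  # blank, comment or pip option line
        return "skip"
    m = _REQ.match(line)
    if not m:
        return "unparsed"
    spec = (m.group(3) or "").strip()
    if "==" in spec and "--hash=" in line:
        return "pinned+hash"  # exact version and artifact digest
    if "==" in spec:
        return "pinned"       # exact version, but a republished artifact would pass
    if spec:
        return "floor-only"   # e.g. >=2.28.0: any newer release satisfies it
    return "unpinned"


def audit(lines: List[str]) -> Dict[str, List[str]]:
    """Group requirement lines by pinning class, dropping skipped lines."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        kind = classify_requirement(line)
        if kind != "skip":
            out.setdefault(kind, []).append(line.strip())
    return out


if __name__ == "__main__":
    sample = [
        "requests>=2.28.0",   # from the skill's requirements, as quoted in the findings
        "urllib3>=1.26.0",    # likewise
        "certifi==2024.8.30 --hash=sha256:0000",  # constructed pinned example
    ]
    for kind, entries in audit(sample).items():
        print(f"{kind}: {entries}")
```

`pip-compile --generate-hashes` (pip-tools) or `pip freeze` produce the pinned forms; a floor pin also says nothing about whether the installed version is above the fix for the advisories listed below, since any version at or above the floor is accepted.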

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
78% confidence
Finding
requests

Known Vulnerable Dependency: urllib3 — 10 advisory(ies): CVE-2025-66471 (urllib3 streaming API improperly handles highly compressed data); CVE-2024-37891 (urllib3's Proxy-Authorization request header isn't stripped during cross-origin ); CVE-2026-21441 (Decompression-bomb safeguards bypassed when following HTTP redirects (streaming ) +7 more

High
Category
Supply Chain
Confidence
76% confidence
Finding
urllib3

VirusTotal

67/67 vendors flagged this skill as clean.
