KameleonDB

Security checks across malware telemetry and agentic risk

Overview

KameleonDB appears to be a legitimate agent database skill, but it gives agents broad persistent database write, query, schema-change, and import authority without enough user-control and privacy guardrails.

Install only if you intentionally want an agent to manage a dedicated persistent database. Use an isolated test or agent-only database, avoid production credentials, set least-privilege access, and define explicit rules for when the agent may store personal data, run SQL, change schemas, delete records, import files, or optimize storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The skill description is extremely broad and encourages use for many ordinary memory and workflow tasks without clear activation boundaries or user-consent guardrails. In an agent ecosystem, this can cause over-triggering and unnecessary routing of general user data into a persistent database, increasing privacy and data-retention risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill repeatedly promotes persistent storage of contacts, preferences, session state, CRM data, and historical information, but does not include a clear warning that data will be retained across sessions or may contain personal/sensitive information. This creates a realistic risk that an agent will store user data without meaningful notice or consent, especially given the skill's positioning as a general memory layer.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The example shows an agent creating schema and inserting customer data without any warning about persistence, data sensitivity, access control, or rollback implications. In an agent-driven setting, documentation like this can normalize autonomous writes to persistent storage and increase the chance that user or customer data is stored or modified without explicit approval or safeguards.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The workflow encourages an agent to generate and execute SQL over customer records using schema context, but it does not mention privacy, query safety, authorization boundaries, or restrictions on exposing raw customer data. Because the skill is explicitly agent-oriented and handles persistent customer information, this omission makes unsafe autonomous access and bulk extraction materially more likely.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The example presents storage materialization and batch ingestion as routine autonomous actions without warning that they can trigger large-scale, persistent, and potentially hard-to-reverse system changes. In agent workflows, this can lead to unintended migrations, cost/performance impacts, or mass ingestion of sensitive or malformed data without review.
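The guardrails the overview recommends (an isolated, agent-only database, least-privilege access, and explicit rules on deletes, schema changes, SQL execution, and imports) and the query-safety and batch-ingestion concerns in the findings above can be enforced in the database driver rather than in the prompt, where an agent can be talked out of them. The following Python example is added here and is not code from KameleonDB, its author, or the scanner. It uses the standard-library sqlite3 authorizer hook to deny every operation outside an allowlist, blank a sensitive column, cap query results against bulk extraction, and make batch imports capped and all-or-nothing. The customers table, seed rows, redacted column, and row caps are assumptions constructed for the demo.

```python
"""Guarded database handle for an agent (added example, not KameleonDB code).

Operator provisions the schema, then hands the agent a connection whose
policy SQLite itself enforces at statement-compile time. Table, columns,
caps and seed rows below are constructed for the demo.
"""
import re
import sqlite3

# Operations the agent role may perform. SQLite consults the authorizer for
# every operation in a statement (including subqueries and triggers); anything
# not listed here (DELETE, DROP, ALTER, CREATE, PRAGMA, ATTACH, ...) is refused.
ALLOWED_ACTIONS = {
    sqlite3.SQLITE_SELECT,
    sqlite3.SQLITE_READ,
    sqlite3.SQLITE_INSERT,
    sqlite3.SQLITE_UPDATE,
    sqlite3.SQLITE_FUNCTION,     # built-in functions such as count()
    sqlite3.SQLITE_TRANSACTION,  # BEGIN/COMMIT/ROLLBACK used by import_rows
}
# (table, column) pairs the agent may never read; SQLite substitutes NULL.
REDACTED_COLUMNS = {("customers", "email")}   # assumed policy

MAX_ROWS_PER_QUERY = 50      # assumed cap against bulk extraction
MAX_ROWS_PER_IMPORT = 1000   # assumed cap against mass ingestion
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class PolicyViolation(Exception):
    """Agent-issued SQL or import exceeded the configured policy."""


def _authorizer(action, arg1, arg2, db_name, trigger):
    # Called by SQLite while compiling each statement; for SQLITE_READ,
    # arg1 is the table and arg2 the column being read.
    if action == sqlite3.SQLITE_READ and (arg1, arg2) in REDACTED_COLUMNS:
        return sqlite3.SQLITE_IGNORE
    if action in ALLOWED_ACTIONS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def lock_down(conn):
    """Install the agent policy on a connection the operator provisioned."""
    conn.set_authorizer(_authorizer)
    return conn


def run_agent_query(conn, sql, params=(), max_rows=MAX_ROWS_PER_QUERY):
    """Run agent-generated SQL; refuse denied operations and oversized results."""
    try:
        cur = conn.execute(sql, params)
    except sqlite3.DatabaseError as exc:  # "not authorized" raised by the hook
        raise PolicyViolation(f"refused: {exc}") from exc
    rows = cur.fetchmany(max_rows + 1)
    if len(rows) > max_rows:
        raise PolicyViolation(f"result exceeds {max_rows} rows; narrow the query")
    return rows


def import_rows(conn, table, columns, rows, max_rows=MAX_ROWS_PER_IMPORT):
    """Capped, all-or-nothing batch insert. Identifiers are validated and
    quoted; values always travel as bound parameters, never as SQL text."""
    if len(rows) > max_rows:
        raise PolicyViolation(f"import of {len(rows)} rows exceeds cap {max_rows}")
    for ident in (table, *columns):
        if not IDENT.fullmatch(ident):
            raise PolicyViolation(f"bad identifier {ident!r}")
    cols = ", ".join(f'"{c}"' for c in columns)
    marks = ", ".join("?" * len(columns))
    conn.execute("BEGIN")
    try:
        conn.executemany(f'INSERT INTO "{table}" ({cols}) VALUES ({marks})', rows)
        conn.execute("COMMIT")
    except sqlite3.DatabaseError:
        conn.execute("ROLLBACK")  # one bad row undoes the whole batch
        raise
    return len(rows)


def row_count(conn, table="customers"):
    return run_agent_query(conn, f'SELECT count(*) FROM "{table}"')[0][0]


def build_demo_db():
    """Operator side: create the schema and constructed seed data, then return
    the locked-down handle. isolation_level=None keeps transactions explicit."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, "
                 "email TEXT, plan TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", [
        (1, "Ada", "ada@example.com", "pro"),       # constructed sample data
        (2, "Grace", "grace@example.com", "free"),
        (3, "Linus", "linus@example.com", "pro"),
    ])
    return lock_down(conn)


if __name__ == "__main__":
    conn = build_demo_db()
    print(run_agent_query(conn, "SELECT id, name, email FROM customers ORDER BY id"))
    for sql in ("DELETE FROM customers", "DROP TABLE customers", "PRAGMA writable_schema=ON"):
        try:
            run_agent_query(conn, sql)
        except PolicyViolation as exc:
            print("blocked:", sql, "->", exc)
```

The agent must only ever reach the database through run_agent_query and import_rows: anything holding the raw connection object could call set_authorizer(None), so the tool boundary, not the Python process, is the trust boundary. On a server database the same shape is a dedicated role granted only SELECT, INSERT and UPDATE on the agent's schema, with sensitive columns hidden behind a view, and no DDL or DELETE privilege at all.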

VirusTotal

All 64 VirusTotal antivirus engines returned a clean verdict for this skill (0/64 detections). Those engines check the skill's files against known-malware signatures and heuristics; they do not evaluate the agent-authority and privacy issues raised in the findings above.
