Pve Builder

Security checks across malware telemetry and agentic risk

Overview

This Proxmox VM builder is mostly aligned with its stated purpose, but it is rated Review because it handles live credentials unsafely (passwords are echoed back to the user and may be written to disk) and because its local shell execution is broad and weakly scoped.

Review before installing. Prefer SSH-key-only provisioning, avoid printing or saving VM passwords in chat transcripts or generated command files, and rotate any bootstrap password immediately. Use a dedicated locked-down SSH key directory, avoid sensitive internal URLs or product names in web lookups, and inspect all generated shell and Proxmox commands before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill claims to be a command generator but also instructs the agent to generate and locally execute a bash pre-flight script. Executing dynamically generated shell, even for validation, expands the trust boundary and creates a code-execution surface on the agent host if user-controlled values are embedded unsafely.

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
The skill exposes a generic shell execution helper that can run arbitrary commands constructed from user-controlled inputs such as paths and VM names. In a skill that is primarily described as a command generator, retaining broad shell execution increases the attack surface and makes command injection bugs elsewhere much more dangerous.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill directs the agent to write and execute a temp bash script locally without a strong user-facing warning or a robust constraint that all inserted values are safely handled. Because many script variables derive from user input or config, this can become command injection or unintended local execution on the agent machine.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill generates SSH credentials and writes them to disk without a clear up-front warning, and worse, it falls back to writing placeholder private/public key material if ssh-keygen fails. This can mislead users into believing real credentials were created and may result in insecure or unusable authentication artifacts being stored locally.

Ssd 3

High
Confidence: 99%
Finding
The skill explicitly requires displaying generated or user-supplied passwords in final output. That creates an unnecessary credential exposure channel through chat transcripts, logs, screenshots, shell history, and any downstream storage or observability systems handling agent output.

Ssd 3

High
Confidence: 99%
Finding
The security section reinforces a requirement to always reveal passwords back to the user, normalizing credential disclosure as part of routine output. In this skill context, that is especially risky because the output may also be written to disk and reused, increasing persistence of exposed secrets.
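As an added example (this is not code from the Pve Builder skill or from SkillSpector), the bash helper below shows the three controls the findings above ask for: allowlist validation plus printf %q quoting before any user-supplied value reaches a generated qm command (the command-injection findings), a key-generation routine that fails closed instead of writing placeholder key material (the ssh-keygen fallback finding), and a key-only cloud-init line that has no password to display (the two password-disclosure findings). The key filename pve-bootstrap, the SSH_KEYGEN override variable, the user-name pattern and the disk/memory sizing are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example, not code from the Pve Builder skill or from SkillSpector.
# Assumes the generated commands target the Proxmox `qm` CLI; the key file
# name `pve-bootstrap` and the sizing flags are illustrative assumptions.
set -euo pipefail

# --- Input validation: allowlist every value before it is placed in a
# command. A value that fails is rejected outright, never "escaped".
validate_vmid() {
  # Proxmox VMIDs are integers from 100 upwards. The regex also refuses
  # leading zeros, so no arithmetic is ever done on untrusted input.
  [[ $1 =~ ^[1-9][0-9]{2,8}$ ]]
}

validate_vm_name() {
  # DNS-label shape: 1-63 characters, alphanumerics and interior hyphens.
  [[ $1 =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$ ]]
}

validate_storage() {
  [[ $1 =~ ^[A-Za-z0-9_.-]{1,64}$ ]]
}

# Emit (never execute) a `qm create` line. printf %q quotes every argument,
# so even a value that slipped past validation cannot end the command and
# start another one.
build_qm_create() {
  local vmid=$1 name=$2 storage=$3
  validate_vmid "$vmid"       || { echo "rejected vmid: $vmid" >&2; return 1; }
  validate_vm_name "$name"    || { echo "rejected name: $name" >&2; return 1; }
  validate_storage "$storage" || { echo "rejected storage: $storage" >&2; return 1; }
  printf 'qm create %q --name %q --scsi0 %q:32 --memory 2048 --cores 2\n' \
    "$vmid" "$name" "$storage"
}

# --- Key generation: fail closed. If ssh-keygen is missing or fails, nothing
# that looks like a key is left on disk. SSH_KEYGEN is an override hook that
# exists only so this example can be exercised without a real binary.
generate_bootstrap_key() {
  local keydir=$1 keyfile=$1/pve-bootstrap keygen=${SSH_KEYGEN:-ssh-keygen}
  mkdir -p "$keydir" || return 1
  chmod 700 "$keydir"                       # locked-down key directory
  if ! command -v "$keygen" >/dev/null 2>&1; then
    echo "ssh-keygen unavailable; refusing to write placeholder key material" >&2
    return 1
  fi
  if ! "$keygen" -q -t ed25519 -N '' -C pve-bootstrap -f "$keyfile" >/dev/null 2>&1; then
    rm -f "$keyfile" "$keyfile.pub"; return 1
  fi
  # Confirm the artifact parses as a real public key before anything trusts it.
  if ! "$keygen" -l -f "$keyfile.pub" >/dev/null 2>&1; then
    rm -f "$keyfile" "$keyfile.pub"; return 1
  fi
  chmod 600 "$keyfile"
  printf '%s\n' "$keyfile"                  # only the path is reported, never the key
}

# --- Credential handling: key-only cloud-init. There is no password
# parameter at all, so nothing secret can land in the transcript or in a
# saved command file.
build_qm_cloudinit() {
  local vmid=$1 user=$2 pubkey=$3
  validate_vmid "$vmid" || return 1
  [[ $user =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || return 1   # assumed user-name policy
  [[ -r $pubkey ]] || return 1
  printf 'qm set %q --ciuser %q --sshkeys %q\n' "$vmid" "$user" "$pubkey"
}

# Stand-alone demo: one accepted line, one rejected injection attempt.
if [[ ${BASH_SOURCE[0]:-} == "$0" ]]; then
  build_qm_create 9001 web-01 local-lvm
  ! build_qm_create 9001 'web; rm -rf /' local-lvm
fi
```

The helper writes commands to stdout rather than running them, so the operator reads each line before it is executed on the PVE host; that is the review step the findings say the skill skips when it generates and immediately runs a temp script.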

VirusTotal

65/65 vendors flagged this skill as clean.
