wagmios

Security checks across malware telemetry and agentic risk

Overview

This skill gives an agent scoped control over Docker/WAGMIOS hosts, which is powerful but clearly aligned with its stated homelab-management purpose.

Install only if you want an agent to administer WAGMIOS/Docker hosts. Use separate least-privilege API keys per host, treat logs/config output as sensitive, and require explicit confirmation before installs, stops, deletes, image pulls/deletes, or multi-host changes.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Intent-Code Divergence

Medium, 85% confidence

The multi-machine workflow performs impactful actions on two hosts, including starting a newly installed service, without the explicit confirmation step that the document elsewhere requires for destructive or system-changing operations. In an agent skill, this weakens user consent boundaries and increases the chance of unintended changes being applied across multiple machines from a single ambiguous request.

Missing User Warnings

Medium, 92% confidence

The documented container config endpoint explicitly returns full container configuration including environment variables, volumes, and ports, which commonly contain secrets such as API keys, database credentials, and internal filesystem paths. In an agent skill context, exposing this endpoint without strong guidance to treat the output as sensitive increases the chance the agent will retrieve, store, summarize, or echo secrets into chat or logs.

Missing User Warnings

Medium, 89% confidence

Container logs frequently contain sensitive application data, tokens, stack traces, user information, and operational secrets. Because this skill is designed for agent-driven Docker management, the absence of a warning or handling guidance makes it more likely that an agent will access and surface sensitive log content unintentionally.

Missing User Warnings

Medium, 92% confidence

The reference explicitly instructs the agent to create and start marketplace apps but does not warn that these actions will pull container images, write files/directories under the host-mapped container storage path, and launch services that expose ports on the host. In an agent setting, missing side-effect disclosure increases the chance of unintended infrastructure changes or user surprise, especially because this skill is specifically designed for remote Docker and homelab management.

Missing User Warnings

Low, 81% confidence

Stopping a running container can cause user-visible downtime, but the workflow executes immediately after a simple request without an explicit interruption warning or confirmation. In an agent-operated infrastructure skill, even non-destructive service-state changes should clearly communicate impact before acting.

Missing User Warnings

Medium, 87% confidence

The multi-machine workflow applies changes across multiple hosts without an explicit warning that several systems will be modified. This increases operational risk because a single prompt can trigger distributed changes, making mistakes or misunderstood intent more damaging than on a single host.

VirusTotal

66 of 66 vendors reported this skill as clean.