It Ops Toolkit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate IT operations toolkit, but it needs review because it can actively probe networks and cameras and uses remote SSH in ways that are not fully safeguarded or disclosed.

Install only if you intend to use it for authorized IT operations. Treat SSH, batch host checks, port scans, RTSP camera probing, and log reading as sensitive actions; avoid putting real passwords in command lines or RTSP URLs, use it only on systems you own or manage, and be aware that the IP lookup contacts a third-party service. Review or patch the SSH host-key behavior before using it on production infrastructure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd, timeout=15):
    try:
        r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout,
                           shell=isinstance(cmd, str))
        return r.stdout.strip(), r.stderr.strip(), r.returncode
    except subprocess.TimeoutExpired:
Confidence
95% confidence
Finding
r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, shell=isinstance(cmd, str))

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd, timeout=10):
    try:
        r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout,
                           shell=isinstance(cmd, str))
        return r.stdout.strip(), r.stderr.strip(), r.returncode
    except Exception as e:
Confidence
97% confidence
Finding
r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, shell=isinstance(cmd, str))

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd, timeout=30):
    try:
        r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout,
                           shell=isinstance(cmd, str), errors="replace")
        return r.stdout.strip(), r.stderr.strip(), r.returncode
    except subprocess.TimeoutExpired:
Confidence
95% confidence
Finding
r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, shell=isinstance(cmd, str), errors="replace")

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The RTSP quick-stream feature goes beyond passive troubleshooting by automatically enumerating vendor-specific RTSP paths and probing for valid streams. In an agent-executed environment, this becomes an active reconnaissance capability against cameras/NVRs and can violate least-privilege expectations or be abused for unauthorized discovery of exposed media endpoints.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README encourages remote SSH monitoring and batch checks against external hosts but does not clearly warn that running these commands initiates outbound connections and may disclose usernames, hostnames, key file paths, and operational metadata to target systems. In an AI-triggered skill, this is more dangerous because users may invoke remote actions through natural language without fully realizing that external systems will be contacted.

Missing User Warnings

High
Confidence
95% confidence
Finding
The README documents video troubleshooting and RTSP stream retrieval using usernames and passwords, but it does not prominently warn that credentials may be transmitted to remote devices and that probing cameras can constitute authentication attempts and service enumeration. This is especially risky in an ops skill because the examples normalize direct handling of camera credentials and automated path probing against network devices.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation description is very broad, uses natural-language matching, and explicitly says the listed scenarios are non-exhaustive, which increases the chance that ordinary user requests trigger operational scripts unexpectedly. Because the skill can perform network diagnostics, remote SSH monitoring, log inspection, and troubleshooting workflows, ambiguous triggering can lead to unintended execution against local or remote systems.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The commands for '巡检' or '全面检查' are especially risky because they invite a broad, undefined inspection workflow and map directly to a composite troubleshooting command. In this skill context, that could trigger multiple checks across performance, network, logs, OOM, and crash data without the user understanding the scope, increasing the risk of over-collection, unintended scanning, or execution against sensitive environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation repeatedly embeds credentials directly inside RTSP URLs and command-line examples, such as `rtsp://admin:pass@...` and `--user admin --pass 12345`. In an ops skill that users may copy/paste into shells, terminals, logs, chat transcripts, process listings, and command history, this encourages insecure secret handling and can lead to credential exposure or reuse of default camera passwords on real systems.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The ipinfo feature sends either the user's public IP context or a supplied IP address to ipapi.co, a third-party service, without any warning, consent flow, or documentation of data sharing. In an enterprise IT-ops skill, this can leak internal investigation targets and operator metadata to an external party, which is especially sensitive in security and incident-response contexts.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The SSH helper explicitly disables host key verification with StrictHostKeyChecking=no, which permits man-in-the-middle interception and silent trust of spoofed servers. In an IT operations skill that connects to remote infrastructure and runs diagnostic commands, this is especially dangerous because operators may expose hostnames, topology, service details, and key-based access to an attacker-controlled endpoint.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The RTSP check sends supplied camera credentials using Basic authentication and may do so over plain RTSP, which exposes credentials to the target service and potentially to network observers on untrusted networks. In a natural-language agent workflow, users may not realize that invoking the tool transmits sensitive credentials immediately over the network.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The HTTP/HLS/ONVIF checks perform outbound requests to user-supplied URLs, which can be abused for SSRF-like access from the agent host to internal or sensitive network locations. Because this skill is designed to be triggered via natural language, the operational context makes unintended network probing more dangerous than a standalone local script.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Automatic RTSP path probing issues repeated authenticated requests across many vendor-specific endpoints, effectively combining credential use with service enumeration. This increases the risk of unauthorized probing, account lockouts, or excessive access attempts against surveillance devices, especially when the agent may act on broad natural-language prompts.

VirusTotal

65/65 vendors flagged this skill as clean.
