Wsl Service Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill is for WSL service deployment, but it teaches unsafe root access, weak default credentials, externally exposed services, and destructive cleanup commands.

Review carefully before installing. Use this only in disposable or tightly controlled WSL environments, replace all example passwords, avoid remote Redis exposure unless you add firewalling and strong authentication, and do not run purge or rm -rf cleanup steps unless you have backups and explicitly intend to erase service data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill explicitly recommends `bind 0.0.0.0` to allow external connections, which expands exposure from local WSL-only service setup to network-accessible service deployment. In context, this increases attack surface and can unintentionally publish Redis or similar services without adequate firewalling, authentication hardening, or user warning.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The instructions include force-removing package manager lock files and killing `apt`/`dpkg` processes, which exceeds normal deployment steps and can disrupt system package integrity. In a privileged WSL administration skill, these commands are dangerous because they normalize recovery actions that may corrupt package state or terminate unrelated maintenance operations.

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill markets the workflow as 'secure' while embedding practices that are not secure, including a hardcoded root password and password piping to `su`. This contradiction is dangerous because it can mislead users into adopting insecure privileged automation under a false assurance of safety.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The document presents a 'preferred' and 'safe' WSL management approach while also documenting hardcoded root-password escalation and SSH root login. This normalizes insecure administrative patterns and exposes credentials that enable immediate privilege escalation and remote root access if reused or if the WSL instance is network-reachable.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
Labeling password-based root execution as a way to 'bypass sudo password' explicitly encourages circumvention of normal privilege controls. Combined with a hardcoded password, this creates a turnkey privilege-escalation recipe that reduces operator caution and increases the chance of unauthorized or unsafe root actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README advertises an uninstall flow that includes purging packages, deleting data directories, and cleaning residual files, but it does not warn that this can permanently destroy service data and configuration. In an automation skill, users may invoke this action casually and suffer irreversible data loss without informed consent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The README says Redis installation includes binding to 0.0.0.0 and setting a password, but gives no warning that exposing Redis on all interfaces substantially increases attack surface. Redis is commonly abused when exposed, and a weak/default password or network misconfiguration can lead to unauthorized access or data compromise.

Missing User Warnings

Medium
Confidence: 99%
Finding
The README describes piping the root password into `su -c` to obtain root access and explicitly frames it as bypassing sudo password friction, without any warning about credential exposure. Passing passwords via shell pipelines can leak secrets through logs, process inspection, command history, or downstream tooling, and normalizes an unsafe privilege-escalation pattern.

Missing User Warnings

Medium
Confidence: 87%
Finding
The uninstall section includes service stop, package purge, and recursive deletion of data directories without any explicit warning about irreversible data loss. In an operational skill intended for service management, this creates a realistic risk of accidental destructive execution by users or downstream agents.

Missing User Warnings

High
Confidence: 99%
Finding
The skill instructs users to pass a root password through `echo ... | su`, exposing credentials in documentation and encouraging insecure handling that may leak via shell history, process inspection, logs, or copied scripts. Given that the file later discloses a concrete root password, this is especially dangerous in context.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide includes package purges and recursive deletion of MySQL data and configuration paths without any warning, backup step, or scope check. In an operations skill, such copy-pastable destructive commands can cause irreversible data loss and service outage when executed in the wrong environment or against a live instance.

Missing User Warnings

Medium
Confidence: 97%
Finding
The Redis instructions both bind to 0.0.0.0 and set a trivial static password, exposing the service to remote access with weak authentication. In WSL or bridged/local network scenarios, this can permit unauthorized access, data theft, tampering, or use of Redis as a foothold for further compromise.

VirusTotal

VirusTotal findings are pending for this skill version.
