Ai Config Admin

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local AI configuration editor, but it can persist API keys and change future model/provider behavior.

Install only if you want an agent to edit local AI tool configuration. Before approving writes, verify the exact target file, provider URL, model ID, auth-file replacement, and memory-search change. Avoid pasting long-lived production keys when possible, and protect or delete generated backup files if they contain old credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The trigger set is very broad, covering generic terms like provider, model, settings files, and common environment variable names. This can cause the skill to activate in loosely related contexts and perform sensitive configuration operations when the user's intent is ambiguous, especially because the skill is capable of writing auth and settings files.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The tool accepts API keys via command-line arguments and persists them directly into the JSON config. Command-line arguments are often exposed through shell history, process listings, audit logs, and CI job logs, so secrets can leak even if the config file itself is protected.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The add-model path also allows provider API keys to be written into persistent configuration without any safeguards or warning. In this skill context, the script is specifically designed to manage AI provider credentials and config files, which makes secret exposure more likely and more damaging because these credentials can grant paid API access or access to sensitive model traffic.

VirusTotal

63/63 vendors flagged this skill as clean.