Nexus Brain

Security checks across malware telemetry and agentic risk

Overview

This SRE helper is coherent but needs Review because it can read logs, send redacted snippets to an AI tool, and coordinate docker/pm2 recovery actions without tight target scoping or guaranteed approval.

Install only if you are comfortable with an SRE helper reading operational logs, sending redacted excerpts to your configured AI provider, and potentially coordinating docker/pm2 recovery. Configure explicit approval for every restart, restrict allowed service targets, preview log snippets before external analysis, and verify the local opencode, docker, pm2, and psutil installations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def ask_orchestrator(prompt, target_binary="opencode"):
    # First, try to find the binary in PATH, then fallback to user home
    opencode_path = subprocess.run(["which", target_binary], capture_output=True, text=True).stdout.strip()
    if not opencode_path:
        opencode_path = os.path.expanduser("~/.opencode/bin/opencode")
Confidence
79% confidence
Finding
opencode_path = subprocess.run(["which", target_binary], capture_output=True, text=True).stdout.strip()

Missing User Warnings

Medium
Confidence
95% confidence
Finding
User-provided prompt content is sent directly to an external binary for processing, and the code only performs weak regex redaction before doing so. This can expose sensitive data to another tool or service without clear user awareness, especially because the redaction is incomplete and easy to bypass with alternate secret formats.

VirusTotal

66/66 vendors flagged this skill as clean.
