agent-bom

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed security-scanner skill, but it can inspect local AI-tool configuration and should be run only with clear intent and reviewed scope.

Install this only if you want agent-bom to inventory local AI/MCP configuration and optionally inspect cloud posture. Verify the PyPI or Docker package and version, review the listed file paths before discovery, use least-privilege read-only cloud credentials, and require explicit confirmation before broad directory scans, cloud benchmarks, proxy mode, or dashboard startup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers (Medium)
Confidence: 92%
Finding: The description includes broad natural-language triggers like "find agents," "what's configured," and "doctor," which can overlap with ordinary user requests and cause the skill to activate when the user did not explicitly intend local system discovery. Because this skill reads many local configuration files across developer tools, accidental invocation can expose sensitive structural environment information and expand the agent's access to the local machine context.

Vague Triggers (Medium)
Confidence: 95%
Finding: The "When to Use" section repeats ambiguous, everyday phrases such as "show me what's installed" and "check my setup," which are common requests that may be interpreted broadly by an orchestrator. In the context of a discovery skill that inspects numerous local config locations, this increases the risk of unintended execution and unrequested enumeration of local agent/MCP infrastructure.

Vague Triggers (Medium)
Confidence: 95%
Finding: The trigger phrases are broad and map to common conversational terms like "fleet," "runtime status," and "agent lifecycle," which can cause the skill to activate in contexts where the user did not intend to invoke monitoring or start a dashboard-related workflow. In this skill, that misrouting is moderately risky because it can lead the agent toward local system inspection commands and potentially launching a localhost service (`agent-bom serve`), even though the documented behavior is otherwise read-only and local-only.

Vague Triggers (Medium)
Confidence: 92%
Finding: The trigger phrases are broad enough to match generic security requests such as "cloud security," "CIS benchmark," "misconfigurations," and "find secrets," which can cause the skill to be invoked outside a narrowly intended context. Because this skill can perform live cloud API checks when invoked, over-broad routing increases the chance of unnecessary credentialed operations or scanning on unintended targets.

Vague Triggers (Medium)
Confidence: 94%
Finding: The trigger phrases in the frontmatter are broad enough to match common user requests such as "verify" or "is this safe," which can cause the skill to activate in contexts the user did not intend. Because this skill performs local discovery of many agent/client config files and may contact external vulnerability services, overbroad activation increases the chance of unnecessary access and network transmission.

Vague Triggers (Medium)
Confidence: 95%
Finding: The "When to Use" section repeats ambiguous phrases like "verify," "is this safe," and "scan dependencies" without requiring clear security context or a concrete scan target. In an agent ecosystem, this ambiguity can lead to unintentional invocation of a skill that reads numerous local configuration files and performs network lookups, expanding data exposure beyond user expectation.

Vague Triggers (Medium)
Confidence: 89%
Finding: The trigger phrases in the frontmatter are broad enough to match ordinary support language like "debug," "something is broken," or "fix my setup," which can cause the skill to activate outside its intended security-diagnostics context. In an agentic environment, overbroad activation increases the chance of unnecessary local inspection of configs, package state, and database status, exposing sensitive environment details or causing the wrong tool to be invoked.

Vague Triggers (Medium)
Confidence: 91%
Finding: The "When to Use" section repeats ambiguous, everyday troubleshooting prompts without constraining them to this tool or its local diagnostic scope. That makes accidental or inappropriate invocation more likely, and because the skill reads local configuration and environment state, misrouting a generic support request to this skill can leak contextual system information into the agent workflow.

VirusTotal

66/66 vendors flagged this skill as clean.