
Security audit

deployment-manager

Security checks across malware telemetry and agentic risk

Overview

This deployment guidance skill is coherent and purpose-aligned, but its examples can affect live infrastructure if copied without review.

Install only if you want deployment and release-management guidance. Treat all deployment, rollback, traffic-routing, feature-flag, and database snippets as templates: verify cluster context, namespaces, service names, credentials, backups, restore procedures, and approval requirements before running anything against production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill includes blue-green deployment and traffic-switching commands that make real production changes, but it does not clearly warn users that these examples can disrupt live services if copied directly. In a deployment-focused skill, such operational examples are expected, but omission of safety framing, prerequisites, and environment scoping increases the risk of accidental misuse.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The rollback script performs operationally destructive actions such as rollout undo, and carries alerting logic, without an explicit warning that executing it can revert production state and affect availability. Although rollback is a legitimate deployment function, presenting an executable automation example without safety guardrails can lead to unintended service impact or rollback of the wrong target.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The database migration example performs backup, migration, rollback SQL, and restore operations without explicitly warning about risks to data integrity, schema compatibility, and recovery limitations. In a deployment-manager skill this content is contextually relevant, but database changes are high-risk enough that the absence of cautionary guidance can enable accidental data loss or prolonged outage.
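The guardrails the three findings and the overview checklist call for, shown as an added example that is not part of the deployment-manager skill or of this audit: a POSIX shell pre-flight gate that the skill's rollback, traffic-switch and migration snippets could be wrapped in. It refuses to run when the active kubeconfig context is not the one the operator named, when no namespace is given explicitly, when a production-looking context is in use without a confirmation token, or (for the migration case) when the backup file the restore step depends on is missing or empty; the kubectl call that changes the cluster is a dry run unless the operator opts out. The "*prod*" context naming convention, the confirmation string, the KUBECTL override and the hypothetical cluster, namespace and deployment names are assumptions made for illustration.

```sh
#!/usr/bin/env sh
# Added example (not from the deployment-manager skill or the audit): a pre-flight gate for
# rollback / traffic-switch / migration snippets. Assumptions: production contexts contain
# "prod" in their name; the confirmation token is "I-UNDERSTAND-PRODUCTION"; $KUBECTL names the
# kubectl binary (overridable so the gate can be exercised without a cluster).

: "${KUBECTL:=kubectl}"

# is_production CONTEXT -> 0 when the context name matches the assumed "*prod*" convention.
is_production() {
  case "$1" in
    *prod*) return 0 ;;
    *)      return 1 ;;
  esac
}

# require_backup PATH -> 0 only if the backup the restore step depends on exists and is non-empty.
require_backup() {
  [ -n "$1" ] && [ -s "$1" ]
}

# preflight EXPECTED_CTX ACTUAL_CTX NAMESPACE CONFIRM_TOKEN
# Refuses when the active context is not the one the operator named, when no namespace was
# given, or when a production context is in use without the explicit confirmation token.
preflight() {
  expected="$1"; actual="$2"; ns="$3"; confirm="$4"
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    echo "refusing: active kubeconfig context is '$actual', expected '$expected'" >&2
    return 1
  fi
  if [ -z "$ns" ]; then
    echo "refusing: namespace must be given explicitly, never taken from the kubeconfig default" >&2
    return 1
  fi
  if is_production "$actual" && [ "$confirm" != "I-UNDERSTAND-PRODUCTION" ]; then
    echo "refusing: production context '$actual' requires the confirmation token" >&2
    return 1
  fi
  return 0
}

# guarded_rollback EXPECTED_CTX NAMESPACE DEPLOYMENT CONFIRM_TOKEN [DRY_RUN=yes]
# Wraps 'kubectl rollout undo': runs the pre-flight gate against the live context, records the
# current revision history so the reverted change can be audited, and only touches the cluster
# when DRY_RUN is explicitly "no".
guarded_rollback() {
  expected="$1"; ns="$2"; deploy="$3"; confirm="$4"; dry="${5:-yes}"
  actual="$("$KUBECTL" config current-context 2>/dev/null)" || actual=""
  preflight "$expected" "$actual" "$ns" "$confirm" || return 1
  "$KUBECTL" -n "$ns" rollout history "deployment/$deploy" || return 1
  if [ "$dry" != "no" ]; then
    echo "dry run: would execute: $KUBECTL -n $ns rollout undo deployment/$deploy"
    return 0
  fi
  "$KUBECTL" -n "$ns" rollout undo "deployment/$deploy" &&
    "$KUBECTL" -n "$ns" rollout status "deployment/$deploy" --timeout=120s
}

# guarded_migration EXPECTED_CTX NAMESPACE BACKUP_PATH CONFIRM_TOKEN MIGRATE_CMD...
# Same gate for a schema migration: additionally refuses unless the backup file exists and is
# non-empty, then runs the caller-supplied migration command.
guarded_migration() {
  expected="$1"; ns="$2"; backup="$3"; confirm="$4"; shift 4
  actual="$("$KUBECTL" config current-context 2>/dev/null)" || actual=""
  preflight "$expected" "$actual" "$ns" "$confirm" || return 1
  if ! require_backup "$backup"; then
    echo "refusing: backup '$backup' is missing or empty; take and verify it before migrating" >&2
    return 1
  fi
  "$@"
}
```

A wrapped call looks like guarded_rollback prod-cluster payments api I-UNDERSTAND-PRODUCTION no; leaving the last argument off gives a dry run that prints the command it would have executed. The gate deliberately takes the expected context as an argument rather than reading it from the environment, so a stale kubeconfig pointing at the wrong cluster is caught before any rollout undo, traffic switch or migration runs.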

VirusTotal

All 63 of 63 vendors returned a clean verdict for this skill; none flagged it.
