Container Update Advisor

Security checks across malware telemetry and agentic risk

Overview

This skill performs a read-only check of running Docker containers for available updates and reports the results, with expected external lookups to Docker Hub and GitHub.

Install this only where you are comfortable letting the skill read your running Docker container names, image names, and tags, and query Docker Hub and GitHub with that metadata. If you use GITHUB_TOKEN, prefer a least-privilege token for public API reads, avoid placing it in shared logs or committed files, and remember the skill only reports updates; it does not apply them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation text is broad enough to match generic requests like 'docker updates' or 'what needs updating,' which can cause the skill to run in contexts where the user did not intend container inspection or outbound lookups. That increases the chance of unintended enumeration of local runtime details and unsolicited network requests.

Missing User Warnings

Medium
Confidence: 94%
Finding
The description does not tell users that the skill inspects running containers and reaches out to Docker Hub and GitHub. Without that warning, users may unknowingly authorize local environment inspection and external disclosure of image names/tags or related metadata.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation encourages setting a GitHub token but provides no guidance on secure handling, least privilege, storage, or avoiding accidental disclosure. This can lead users to expose sensitive credentials in shells, logs, screenshots, shared environments, or overly privileged tokens.

VirusTotal

66/66 vendors flagged this skill as clean.
