ClawHub

Homelab Runbook

Security checks across malware telemetry and agentic risk

Overview

This skill scans local services to create a homelab runbook; the behavior is disclosed and purpose-aligned, but the saved output can reveal sensitive system details.

Install only if you want an agent to inspect the local host's running services, containers, mounts, and listening ports. Treat generated runbooks as sensitive: do not publish them casually, review them before sharing, and avoid scheduled runs unless you understand where the files will be stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs running local scripts, invoking shell commands, and writing output files, but no permissions are declared. That mismatch undermines least-privilege expectations and can cause the agent or user to execute filesystem and host-inspection actions without clear consent boundaries. In this context, the danger is elevated because the skill inventories services, ports, mounts, and host state, which are sensitive operational details.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation text contains broad phrases such as 'what's running', 'list my services', and 'scan ports', which may match ordinary troubleshooting requests and trigger host enumeration unexpectedly. Because the skill performs local reconnaissance and writes a runbook, overbroad triggering increases the chance of unintended collection and disclosure of sensitive system information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill is designed to enumerate Docker containers, system services, listening ports, images, mount points, and health status, then save the results to disk, but it does not prominently warn about privacy and security exposure. Those outputs can reveal internal topology, software stack details, filesystem paths, and management surfaces that would aid lateral movement or targeted exploitation if exposed.

Unvalidated Output Injection

High
Category
Output Handling
Content
# Try --format json (Docker 20.10+)
    try:
        result = subprocess.run(
            ["docker", "ps", "--format", "{{json .}}"],
            capture_output=True,
            text=True,
Confidence
77% confidence
Finding
subprocess.run( ["docker", "ps", "--format", "{{json .}}"], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
# Fallback: plain docker ps
    try:
        result = subprocess.run(
            ["docker", "ps", "--no-trunc"],
            capture_output=True,
            text=True,
Confidence
80% confidence
Finding
subprocess.run( ["docker", "ps", "--no-trunc"], capture_output

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal