Dashboard Builder

Security checks across malware telemetry and agentic risk

Overview

This dashboard builder matches its stated purpose, but it gives an agent powerful database, migration, deployment, and service-key workflows that need careful review before use.

Install it only if you are comfortable letting an agent create project files, install packages, generate SQL migrations, and guide deployment. Use a test Supabase project first, review every generated migration before running `db push`, keep `SUPABASE_SERVICE_ROLE_KEY` server-only and out of source control, and prefer least-privilege credentials or backend-mediated writes over handing the agent the service role key, which bypasses Row Level Security.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
95% confidence
Finding
The skill instructs the agent to search from the filesystem root (`find /`) to locate templates, which expands file discovery well beyond the project workspace. In an agent context, this can expose unrelated files, secrets, or other tenants' data and violates least-privilege assumptions even if the goal is only to find a template directory.

Context-Inappropriate Capability

Medium
89% confidence
Finding
The skill recommends a sync mode where an agent writes directly to Supabase using the service role key as a general pattern. Service role credentials bypass Row Level Security, so any misuse, prompt-injection-driven action, or implementation error could lead to unrestricted reads/writes across user data.

Intent-Code Divergence

Medium
98% confidence
Finding
The document claims every table will get per-operation RLS, but many schemas leave RLS generation as TODO comments rather than concrete per-command policies (select, insert, update, delete). In an agent-executed build spec these omissions are dangerous because implementers may ship tables without effective authorization controls, causing cross-tenant data exposure or unauthorized modification. The failure mode depends on whether RLS was enabled at all: a table with RLS disabled is fully readable and writable through the API by anyone holding the anon key, while a table with RLS enabled but no policies denies all access, which invites a quick `using (true)` policy that is just as exposed.

Intent-Code Divergence

Medium
96% confidence
Finding
The spec mandates Zod validation for API routes, but the sample webhook handler accepts arbitrary JSON and passes it directly to a skill-specific ingest handler. This creates a clear trust-boundary failure: malformed or malicious payloads can trigger unsafe logic, bad writes, denial of service, or downstream injection bugs in skill handlers.

Missing User Warnings

Medium
85% confidence
Finding
The README explicitly promotes a flow where an agent scaffolds a project, generates database migrations, and deploys automatically, but it does not warn users that these actions create or modify infrastructure, schemas, and hosted applications with real-world consequences. In an agent-skill context this is dangerous: the documentation encourages high-impact automation from a single prompt, which raises the chance of an unintended deployment, a destructive schema change (a dropped column or table in a generated migration), or an insecure default setup going live without informed user confirmation.

Vague Triggers

Medium
86% confidence
Finding
The activation phrases are very broad and match common dashboard-related requests, increasing the chance this skill will trigger in contexts not specifically intended for it. Over-broad invocation can cause the agent to scaffold projects, inspect manifests, run commands, or handle secrets when the user only asked a generic question about dashboards.

Missing User Warnings

Medium
94% confidence
Finding
The guide instructs users to place the Supabase service-role key in `.env.local` alongside client-facing `NEXT_PUBLIC_*` values, but does not warn that the service-role key is highly privileged and must never be exposed to browser code or committed to source control. Next.js inlines every `NEXT_PUBLIC_*` variable into the browser bundle, so in a dashboard-generation context readers may copy that prefix convention onto the secret or reference it from generated frontend or skill code, which would bypass RLS and grant full database access to anyone who reads the bundle.
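A pre-build check for the mistake this finding warns about, as an added example that is not the skill's own code: it parses a `.env.local`, classifies values that look like a Supabase service-role credential, and reports any that sit under a `NEXT_PUBLIC_` name, since Next.js inlines those into the browser bundle. The key formats are assumptions: legacy Supabase keys are JWTs whose payload carries `"role": "service_role"`, and newer secret keys begin with `sb_secret_`. The sample `.env.local` and its unsigned JWTs are constructed.

```typescript
// Added example, not code from the Dashboard Builder skill. Assumed key formats:
// legacy Supabase keys are JWTs with "role":"service_role" in the payload;
// newer secret keys start with "sb_secret_".

// Minimal dotenv parser: KEY=value lines, optional "export", optional quotes.
function parseDotenv(text: string): Record<string, string> {
  const env: Record<string, string> = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue; // blank line, comment, or junk
    let value = m[2].trim();
    const quoted =
      value.length >= 2 && (value[0] === '"' || value[0] === "'") && value.endsWith(value[0]);
    if (quoted) value = value.slice(1, -1);
    env[m[1]] = value;
  }
  return env;
}

// Returns the "role" claim of an unverified JWT payload, or null if the value
// is not JWT-shaped. No signature check is needed: we only classify the key.
function jwtRole(token: string): string | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return typeof payload.role === "string" ? payload.role : null;
  } catch {
    return null;
  }
}

function isServiceRoleKey(value: string): boolean {
  return value.startsWith("sb_secret_") || jwtRole(value) === "service_role";
}

// Names of variables that would ship a service-role credential to the browser.
function findExposedServiceKeys(env: Record<string, string>): string[] {
  return Object.keys(env)
    .filter((name) => name.startsWith("NEXT_PUBLIC_") && isServiceRoleKey(env[name]))
    .sort();
}

// Constructed, unsigned stand-in for a Supabase key; real keys are signed.
function fakeSupabaseJwt(role: string): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ iss: "supabase", role })}.sig`;
}

// Constructed .env.local: the last line is the mistake the finding warns about.
const SAMPLE_ENV_LOCAL = [
  "# local dev settings",
  "NEXT_PUBLIC_SUPABASE_URL=https://example.supabase.co",
  `NEXT_PUBLIC_SUPABASE_ANON_KEY="${fakeSupabaseJwt("anon")}"`,
  `SUPABASE_SERVICE_ROLE_KEY=${fakeSupabaseJwt("service_role")}`,
  `NEXT_PUBLIC_SERVICE_KEY=${fakeSupabaseJwt("service_role")}`,
].join("\n");

function checkSampleEnv(): string[] {
  return findExposedServiceKeys(parseDotenv(SAMPLE_ENV_LOCAL));
}

const exposed = checkSampleEnv();
if (exposed.length > 0) {
  console.error(`refusing to build: service-role key under public name(s): ${exposed.join(", ")}`);
}
```

Wire a check like this into the build or CI step that runs before `next build`; the anon key under `NEXT_PUBLIC_SUPABASE_ANON_KEY` passes because its role claim is `anon`, while the same-format key with `service_role` is flagged the moment it appears under a public name.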

VirusTotal

65/65 vendors flagged this skill as clean.
