China Mirrors

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent but should be reviewed because it can permanently redirect future package downloads through third-party mirrors and overwrite existing package-manager settings.

Install only if you intentionally want an agent to change package-manager mirror settings. Prefer project-level configuration, require the exact commands and files before execution, back up existing package-manager and shell config files, and verify that Aliyun, Huawei Cloud, Tsinghua, USTC, or other selected mirrors are acceptable for your security or workplace policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Session Persistence

Medium
Category
Rogue Agent
Content
**Linux/Mac global configuration:**
```bash
mkdir -p ~/.pip
cat > ~/.pip/pip.conf << 'EOF'
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
```
Confidence
95% confidence
Finding
mkdir -p ~/.pip cat > ~/.pip

Session Persistence

Medium
Category
Rogue Agent
Content
**Global configuration:**
```bash
mkdir -p ~/.cargo
cat > ~/.cargo/config.toml << 'EOF'
[source.crates-io]
replace-with = 'aliyun'
```
Confidence
96% confidence
Finding
mkdir -p ~/.cargo cat > ~/.cargo/config.toml << 'EOF' [source.crates-io] replace-with = 'aliyun' [source.aliyun] registry = "https://mirrors.aliyun.com/crates.io-index/" EOF echo "✓ cargo 已配置为阿里云镜像"

Session Persistence

Medium
Category
Rogue Agent
Content
#### 3.8 Maven configuration

```bash
mkdir -p ~/.m2
cat > ~/.m2/settings.xml << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<settings>
```
Confidence
95% confidence
Finding
mkdir -p ~/.m2 cat > ~/.m2/settings.xml << 'EOF' <?xml version="1.0" encoding="UTF-8"?> <settings> <mirrors> <mirror> <id>aliyun</id> <mirrorOf>central</mirrorOf> <name>Aliyun

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
**Bundler project-level configuration:**
```bash
bundle config mirror.https://rubygems.org https://mirrors.tuna.tsinghua.edu.cn/rubygems/
echo "✓ Bundler 镜像已配置"
```
Confidence
94% confidence
Finding
echo 'export GOPROXY=https://mirrors.aliyun.com/goproxy/,direct' >> ~/.bashrc; echo 'GRADLE_USER_HOME=~/.gradle' >> ~/.bashrc

VirusTotal

66/66 vendors flagged this skill as clean.
