OceanBase Deploy

Security checks across malware telemetry and agentic risk

Overview

This OceanBase operations skill appears legitimate, but it documents powerful database actions with some missing safety warnings and broad trigger wording, so users should review it before installing.

Install only if you expect the agent to help administer OceanBase with obd. Before using it, require explicit confirmation for destructive or state-changing commands, verify OCP endpoints before exporting clusters, avoid putting passwords directly in shell history, and run benchmarks only on approved test environments or carefully scoped non-production tenants.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Intent-Code Divergence

Medium (91% confidence)
Finding
The documentation says a 'full skill validation' covers cluster, tenant, and backup, which contradicts the skill's declared purpose and the commands documented elsewhere in the file. This is not just incomplete documentation: it actively describes broader operational coverage than the skill itself claims to handle.

Vague Triggers

Medium (91% confidence)
Finding
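In its "Prompting suggestions" section, the README advises users to use generic phrases such as "execute this for me" (帮我执行) and "don't execute yet" (先不要执行) to switch behavior. These phrasings are highly generic and are not bound to the OceanBase domain or to a specific skill. Because the file gives no stricter trigger scope or exclusion conditions, these phrases are easily confused with ordinary conversation, causing unintended invocation.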

Missing User Warnings

Medium (95% confidence)
Finding
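The README provides a one-click install script that creates a local directory and downloads files from a remote address into the user's environment via curl. These actions modify the local file system and issue network requests, but nothing nearby clearly tells the user that the command writes to the `.claude/skills/` directory and pulls content from GitHub.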

Missing User Warnings

Medium (95% confidence)
Finding
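The Cursor section likewise provides shell commands for direct execution that create the `.cursor/skills/` directory and download remote files via curl. Although this is part of the integration flow, the documentation does not clearly tell users that local writes and network fetches will occur, nor does it prompt them to review the downloaded content first.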

Vague Triggers

Medium (91% confidence)
Finding
The description says to use this skill when the user's intent is unclear, for general OceanBase obd questions, and also whenever users mention OceanBase or obd. Those triggers are broad and lack clear exclusion boundaries or negative examples, which increases the chance this overview skill is invoked when a more specific skill would be more appropriate.

Vague Triggers

Medium (88% confidence)
Finding
The manifest description says to use the skill when users mention broad topics like "cluster management," "OCP," or "monitoring," without clear exclusion conditions or narrower trigger constraints. In a markdown/manifest context, this can cause unintended invocation because those terms may appear in general discussion rather than a request to manage an OceanBase cluster via obd.

Missing User Warnings

Medium (84% confidence)
Finding
The takeover example includes `obd cluster export-to-ocp ... -u <user> -p <password>`, which involves sending credentials and cluster data to a remote control plane. Although the file documents the command, it does not warn users to verify the destination, protect credentials, or avoid exposing secrets in shell history.

Missing User Warnings

Medium (87% confidence)
Finding
This markdown file describes `obd cluster component del` and notes deletion order, but it does not explicitly warn that the command removes deployed components and may impact cluster availability or monitoring functionality. Under the markdown-specific SQP-2 criteria, destructive operations that can affect system integrity should include a clear user-facing warning about impact and reversibility.

Missing User Warnings

Medium (90% confidence)
Finding
This markdown file describes `obd mirror clean` and states that it removes cached mirror data, but it does not include any caution about potential loss of locally cached artifacts or the operational impact of clearing repository cache state. For markdown files, safety-affecting behaviors should include a user warning when they may affect user data or system integrity.

Vague Triggers

Medium (85% confidence)
Finding
This is a markdown file, so vague-trigger review applies. The description says to use the skill when users "mention seekdb, obd seekdb, or need a lightweight OceanBase-based database," which includes a very broad product-name mention and a loosely defined need state, without exclusion conditions or clearer scope boundaries.

Missing User Warnings

Medium (90% confidence)
Finding
This markdown file instructs users to drop a tenant, which is a destructive and potentially irreversible operation, but it provides no warning about data loss, backup prerequisites, or need for confirmation. Under the markdown-specific warning rule, the skill description should disclose behaviors that can affect user data or system integrity.

Missing User Warnings

Medium (82% confidence)
Finding
The skill describes backup configuration, backup execution, and restore operations, but it does not warn users that restore actions can affect existing tenant state or require careful validation of backup paths and targets. For markdown skill descriptions, operations affecting user data should include explicit safety and integrity warnings.

Vague Triggers

Medium (91% confidence)
Finding
The description says to use the skill when users want to 'benchmark, stress test, run functional tests, or evaluate OceanBase cluster performance,' which is broad and lacks exclusion conditions. Although OceanBase is named, the activation guidance does not clearly distinguish this skill from other testing or performance-analysis contexts, increasing the chance of unintended invocation.

Missing User Warnings

Medium (87% confidence)
Finding
The markdown explains how to run Sysbench, TPC-H, TPC-C, and mysqltest against a running OceanBase cluster, but it does not warn that these operations can generate heavy load, alter test data, or affect cluster performance. For a skill that benchmarks and stress-tests systems, users should be clearly informed of operational impact before use.

VirusTotal

62/62 vendors flagged this skill as clean.
