ClawHub

Seekdb

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate SeekDB install/build helper, but it includes high-impact privileged install and cleanup instructions that are not scoped or warned about clearly enough.

Review the install commands before using this skill. Prefer signed HTTPS package sources, avoid the apt '[trusted=yes]' repository form, confirm before enabling persistent services or opening firewall ports, and back up SeekDB data before running any cleanup or uninstall step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The document instructs the agent to generate and launch a VBScript/BAT installer with Administrator privileges, enabling unattended MSI install, service registration, and system changes. For a skill described as an overview/routing entry point, embedding privileged execution steps materially expands capability and increases the chance an agent performs sensitive actions without sufficient scoping, review, or user confirmation.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file goes far beyond overview guidance and contains end-to-end operational procedures: downloading binaries, unattended installation, database initialization, Windows service installation, uninstall logic, and optional firewall changes. This scope mismatch is risky because a user or agent invoking a supposedly informational routing skill could be led into making persistent, privileged, and network-exposing system changes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions add a third-party APT repository with '[trusted=yes]', which disables normal package signature verification for that source, then install a package with sudo. If the mirror is compromised, intercepted, or serves unexpected content, the user could install arbitrary root-level packages. In an installation guide, this context makes the issue more dangerous because the commands are presented as the recommended path and are likely to be copied verbatim.

Missing User Warnings

Low
Confidence
82% confidence
Finding
Starting and enabling a systemd service causes SeekDB to run immediately and persist across reboots, expanding the system's attack surface if the service is exposed or misconfigured. This is not inherently malicious, but the absence of a warning means users may not realize they are creating a persistent background service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The uninstall command runs a privileged cleanup script from '/var/lib/seekdb/seekdb_clean.sh' without describing what it deletes. Such scripts can remove data directories or perform broad filesystem cleanup, so users may trigger destructive actions or execute a tampered local script as root. The skill context increases risk because the command is presented as a routine uninstall step.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation recommends an uninstall command that chains package removal with execution of a cleanup script, but it does not warn that this may irreversibly delete database files and user data. Users may run it expecting a simple uninstall and unintentionally destroy stored data or system state.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The uninstall script deletes C:\ProgramData\seekdb recursively, which likely includes live database files, without an explicit warning that data loss is permanent. Users may reasonably interpret the script as a standard uninstall and not realize it also destroys stored data, backups, and local state.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal