AI Automation Workflows

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent guide to inference.sh automation. It carries the usual, but still important, privacy and shell-scripting risks, which need to be managed.

Install only if you intend to build inference.sh automations. Prefer the manual or checksum-verified CLI install path, review any cron jobs you add, do not send secrets or private files to model prompts or webhooks, and redact command output before alerting to external services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding:
The monitoring example uses a generic curl webhook despite the skill declaring only infsh Bash usage, which expands the effective capability surface beyond what a user may expect. It also sends error output and command context to an external endpoint, creating a real data exfiltration path if copied into production workflows.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The webhook alert example transmits raw command output and the executed command string to an external service without warning or sanitization. Errors often contain prompts, tokens, file paths, stack traces, or user data, so this creates a realistic accidental disclosure channel.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The data-processing example reads local files and embeds their contents directly into a remote model prompt without any privacy notice or data classification step. If users apply it to sensitive datasets, the script can silently transmit confidential local information to a third-party service.

VirusTotal

60/60 vendors flagged this skill as clean.