Warehouse UI

Security checks across malware telemetry and agentic risk

Overview

This database skill does what it says, but it can connect to real databases and execute SQL, including AI-generated SQL, without clear safety or privacy guardrails.

Install only if you intend to let an agent work with real database connections. Use read-only or least-privilege database credentials, avoid privileged saved production connections, review generated SQL before running it, prefer dry-run/limits where available, and check the upstream release source and any AI-provider data handling before using AI queries with sensitive schemas or business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium (93% confidence)
Finding
The skill explicitly encourages running arbitrary SQL and even AI-generated SQL with `--execute`, but it does not warn that generated or user-supplied statements may be destructive, write data, or trigger expensive operations. In a database-administration context, this omission is dangerous because users may assume examples are safe and accidentally execute `UPDATE`, `DELETE`, `DROP`, or other side-effecting statements against production systems.

Missing User Warnings

Medium (91% confidence)
Finding
The documentation tells users to configure external AI providers via API keys and generate SQL from natural language, but it does not disclose that prompts, schema details, and possibly query context may be transmitted to third-party services. This creates a privacy and data-governance risk, especially when database structure, table names, business terms, or sensitive query content are included in prompts sent outside the organization.

VirusTotal

64/64 vendors flagged this skill as clean.