Security audit

Deploy Xray VLESS using 3X UI on your VPS

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for VPS administration, but it deserves review because it can make broad root-level server changes and has under-disclosed safety gaps.

Install only for a VPS you control, preferably a dedicated Ubuntu/Debian host. Review the scripts first, back up firewall and service configuration, prefer SSH keys over --ssh-password, use only a localhost SSH tunnel or trusted HTTPS panel URL, and do not rely on add-inbound-client --dry-run as offline-only until fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly performs remote shell and network operations against a VPS, but it does not declare permissions corresponding to those capabilities. This creates a trust and governance gap: operators or platforms may not realize the skill can modify remote infrastructure, install software, open tunnels, and transmit credentials over networked workflows.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script accepts a plain-text SSH password via a command-line flag, which can be exposed through shell history, process listings, CI logs, and audit tooling on the local machine. Because this skill targets root-managed VPS deployment, compromise of that password can directly lead to full remote host takeover.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script posts admin credentials to whatever --panel-url the operator supplies without verifying that the URL uses HTTPS, is loopback-only, or is otherwise protected by the expected SSH tunnel. In this skill's context, the panel is an administrative interface for a root-managed VPS, so sending credentials over plaintext HTTP or to a mistyped or hostile endpoint could expose full panel access and enable unauthorized proxy or server reconfiguration.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script accepts an SSH password via a command-line argument and forwards it to another helper script. Command-line arguments are commonly exposed through process listings, shell history, audit logs, and orchestration tooling, which can leak credentials to other local users or monitoring systems. In this skill's context, the password likely grants SSH access to a root-managed VPS, making disclosure more consequential than an ordinary low-privilege secret.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This script explicitly supports passing an SSH password on the command line and then exports that secret into the process environment for an askpass helper. Plain-text CLI arguments and environment variables can be exposed through shell history, process listings, logs, crash reports, or inherited subprocess state, making credential disclosure a realistic risk on multi-user systems or in automated agent environments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script explicitly accepts an SSH password via a command-line argument, which can expose the secret through shell history, process listings, audit logs, and CI job metadata. In a VPS administration skill that is expected to handle privileged remote operations, this creates unnecessary credential disclosure risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The remote script performs `ufw --force reset` and reapplies a minimal ruleset without an interactive confirmation or preflight validation. This is dangerous because it wipes existing firewall policy and can accidentally remove required management or application rules, causing service exposure changes or remote lockout on production VPS hosts.

Credential Access

High
Category
Privilege Escalation
Content
- `ssh <target> 'ss -ltnp | egrep ":2053 |:2096 |:1234 |:443 |:80 "'`
- `ssh <target> 'docker compose -f /opt/3x-ui/docker-compose.yml ps'`
- `ssh <target> 'curl -I http://127.0.0.1:2053/'`
- `ssh <target> 'cat /opt/3x-ui/bootstrap.env'`
- local tunnel check: `lsof -nP -iTCP:12053 -sTCP:LISTEN`

Interpretation:
Confidence
91% confidence
Finding
.env'

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.