Lite Sqlite

Security checks across malware telemetry and agentic risk

Overview

This is a local SQLite helper whose read, write, delete, query, and backup powers match its purpose, but users should restrict it to intended database files.

Install only if you want agents to manage local SQLite databases. Limit use to specific approved database and backup paths, require explicit confirmation before destructive SQL such as DELETE, UPDATE without tight filters, DROP, VACUUM, restore, or migration operations, and avoid storing secrets or sensitive conversations unless retention is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The CLI intentionally exposes a raw `query` subcommand that accepts arbitrary SQL from the user, which goes well beyond a narrowly scoped agent-data storage interface. In an agent context, this can enable destructive statements, schema tampering, data exfiltration from any attached SQLite database, and abuse of dangerous SQLite features if an upstream agent passes untrusted input into this CLI.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description is broadly phrased ('use when creating or managing SQLite databases' and general persistence/caching language) without clear guardrails about when it should or should not be invoked. In agentic systems, vague trigger boundaries can cause over-selection of a data-management skill in contexts involving sensitive or destructive operations, increasing the chance of unintended database access or misuse.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document includes deletion and replacement-style operations as normal examples without any warning, confirmation requirement, or backup guidance. In an agent skill, this can normalize destructive actions and lead an autonomous agent to delete rows or overwrite records without surfacing data-loss risk to the user.

VirusTotal

58/58 vendors flagged this skill as clean.
