Databricks

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Databricks connector, but it routes very broad Databricks requests through actions that can affect jobs, secrets, and workspace state without enough visible guardrails.

Review this before installing if the connected Databricks account can affect production jobs, secrets, or workspace resources. Use least-privilege Databricks credentials, confirm destructive or disruptive actions such as canceling runs before execution, and avoid letting broad Databricks requests run automatically without checking the target workspace, job, and payload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (92% confidence)
Finding
The trigger phrase instructs the agent to use this skill for "ANY Databricks request," which is unnecessarily broad and can route sensitive, destructive, or out-of-scope Databricks tasks through a single high-privilege integration without clear guardrails. In this skill, that broad scope is more dangerous because the action set includes create, update, delete, secret, and workspace operations, increasing the chance of unsafe invocation or overreach.

Missing User Warnings

Medium (93% confidence)
Finding
This skill documents a destructive operation that cancels a Databricks job run but provides no warning, confirmation guidance, or safeguards before invocation. In an agentic context, that omission increases the chance of accidental or unauthorized disruption of running data pipelines, especially because the skill is positioned for broad use on ANY Databricks request.

VirusTotal

65/65 vendors flagged this skill as clean.
