Kefir Batch Manager

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal local kefir tracker, but it includes bottle-conditioning guidance that could create dangerous pressure without enough safety warnings.

Review the fermentation safety content before relying on this skill. Do not follow the champagne-style or priming-sugar bottle-conditioning instructions as written unless you already understand pressure-safe fermentation practices: use only pressure-rated bottles, leave headspace, check pressure frequently, shorten conditioning when needed, refrigerate before opening, and open away from faces with eye and hand protection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
The Champagne-style recipe explicitly instructs users to add priming sugar and condition bottles at room temperature for 7 days, which can create dangerous pressure buildup. Although it mentions using pressure-rated bottles, it does not warn about explosion risk, safe burping/monitoring practices, or injury from shattered glass, so users could be harmed while following the instructions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The second-fermentation instructions recommend sealed, pressure-rated bottles, priming sugar, and warm room-temperature conditioning, but do not warn that pressure can build rapidly and cause gushers or bottle rupture. In a fermentation skill, users are likely to follow these steps directly, so omission of a safety warning meaningfully increases risk of injury and property damage.

VirusTotal

53/53 vendors flagged this skill as clean.
