Aws Best Practice Research

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate AWS assessment purpose, but its live-assessment path handles credentials in a risky way that users should review before installing.

Install only if you are comfortable reviewing each live-assessment step before it runs. Prefer a named AWS profile or a temporary, read-only IAM role scoped to the target account, region, and services. Do not hand the skill a credential file to be sourced: sourcing runs whatever the file contains as shell code, not just the credential assignments. Keep generated reports out of public repositories, since they may contain infrastructure and security-configuration details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The skill explicitly instructs sourcing a user-provided credential file with `source <credential-file-path>`. `source` executes every line of that file as shell code in the agent's own process, with the current user's privileges, not just the credential assignments. Because the path is user-controlled and the file contents are never validated, a tampered or attacker-supplied file gives a direct command-execution path that can compromise the local environment, exfiltrate credentials, or modify files, all inside a workflow framed as AWS assessment.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger list contains broad phrases such as 'assessment', '帮我查找' ("help me find"), and '帮我检查' ("help me check"), which can activate the skill in contexts where the user did not intend AWS research or live resource inspection. In this skill, unintended invocation is more dangerous than usual because, given additional context, the workflow may proceed to filesystem writes and AWS CLI activity.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill directs the agent to write markdown files into the local working directory without first warning the user that it will modify the filesystem or obtaining confirmation. Silent file creation is a risky side effect: it contradicts the expectation of a read-only research task, can leave sensitive assessment content on disk, and may interact poorly with privileged or version-controlled working directories.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The live assessment flow combines shell execution of a user-provided credential file with no explicit warning about command execution or credential risk. This is worse than a generic warning omission: the user may believe they are only supplying credentials, while the agent is actually instructed to execute arbitrary shell content under the current user's context.
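The `source` problem in the first and fourth findings, demonstrated side by side with a loader that parses instead of evaluates. This is an added example, not code from the skill or from SkillSpector: both credential files are constructed for the demo, the `AWS_*`-assignment-only grammar and the `load_aws_creds` function are this example's own design, and the marker file stands in for anything a planted command could do.

```bash
#!/usr/bin/env bash
# Added example, not code from the scanned skill. It shows (1) that `source`
# of a "credential file" executes any command in it and (2) a loader that
# accepts only AWS_* assignments. All file contents here are constructed.

# Constructed credential file: two assignments plus a command an attacker
# could have planted. The command writes a marker so the demo can prove it ran.
write_bad_creds() {
  cat > "$1" <<'EOF'
export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
echo executed > "$CREDS_MARKER"
EOF
}

# Constructed clean file: assignments only, with a comment and a blank line.
write_good_creds() {
  cat > "$1" <<'EOF'
# read-only assessment role
AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00

export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
EOF
}

# What `source <credential-file-path>` actually does: runs the file as shell.
# Returns 0 if the planted command executed (the marker file appeared).
source_runs_commands() {
  local file=$1 marker="$1.marker"
  rm -f "$marker"
  ( export CREDS_MARKER="$marker"; . "$file" ) >/dev/null 2>&1
  [ -f "$marker" ]
}

# Hardened loader: parse, don't evaluate. Only `[export ]AWS_<NAME>=<value>`
# lines are accepted; any other line aborts with status 1 before anything
# is exported, so a half-loaded environment cannot leak out.
load_aws_creds() {
  local file=$1 line n
  local re='^(export[[:space:]]+)?(AWS_[A-Z_]+)=([A-Za-z0-9/+=._-]*)$'
  local -a keys=() vals=()
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac
    if [[ $line =~ $re ]]; then
      keys+=("${BASH_REMATCH[2]}"); vals+=("${BASH_REMATCH[3]}")
    else
      printf 'refusing %s: not a credential assignment: %s\n' "$file" "$line" >&2
      return 1
    fi
  done < "$file"
  for ((n = 0; n < ${#keys[@]}; n++)); do
    export "${keys[$n]}=${vals[$n]}"
  done
  [ "${#keys[@]}" -gt 0 ]
}

# Demo: run both approaches against the constructed files.
demo() {
  local dir; dir=$(mktemp -d)
  write_bad_creds "$dir/creds.env"
  if source_runs_commands "$dir/creds.env"; then
    echo "source: the planted command ran"
  fi
  if load_aws_creds "$dir/creds.env" 2>/dev/null; then
    echo "loader: accepted the file (unexpected)"
  else
    echo "loader: refused the file"
  fi
  rm -rf "$dir"
}
demo
```

The loader deliberately rejects the whole file on the first unexpected line rather than skipping it: a file that contains anything other than credential assignments is evidence of tampering, and the right response is to stop and show the user the offending line, not to quietly load the rest. Even with this loader, the recommendation at the top of the page still applies: a named profile or a temporary assumed role removes the need to pass a secret file to the agent at all.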

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill instructs the agent to execute AWS CLI commands against the user's resources without an upfront warning or confirmation that it will access the AWS account and enumerate resource configuration. Even if the commands are read-only, their output exposes sensitive infrastructure metadata, and running them silently normalizes account access without explicit consent.
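One way a user could wrap the live-assessment step so that the fifth finding and the Overview's advice are enforced rather than hoped for: show the exact commands before anything runs, refuse long-lived IAM user keys or root, insist on a temporary assumed role, and require a typed confirmation. This is an added example, not code from the skill or from SkillSpector. The `ReadOnly` role-name convention, the three-command plan, and the `assess` profile name are assumptions made for the demo; only the `aws sts get-caller-identity` call and the read-only subcommands are real AWS CLI.

```bash
#!/usr/bin/env bash
# Added example, not code from the scanned skill. Preflight for live AWS
# enumeration: identity check, visible plan, explicit confirmation.
# Role-naming convention ("ReadOnly" in the role name) is an assumption.

# Classify an ARN as returned by `aws sts get-caller-identity --query Arn`.
# Prints one of: assumed-role-readonly, assumed-role, iam-user, root, unknown.
classify_caller_arn() {
  case "$1" in
    arn:aws:sts::[0-9]*:assumed-role/*ReadOnly*/*) echo assumed-role-readonly ;;
    arn:aws:sts::[0-9]*:assumed-role/*/*)          echo assumed-role ;;
    arn:aws:iam::[0-9]*:user/*)                    echo iam-user ;;
    arn:aws:iam::[0-9]*:root)                      echo root ;;
    *)                                             echo unknown ;;
  esac
}

# Only a temporary role whose name marks it read-only may drive enumeration;
# long-lived user keys and root are refused even if they would work.
identity_allowed() { [ "$(classify_caller_arn "$1")" = assumed-role-readonly ]; }

# The read-only subcommands the assessment would run (assumed list).
# Fixed literals: nothing user-controlled is ever word-split into a command.
PLAN=(
  "ec2 describe-security-groups"
  "s3api list-buckets"
  "iam get-account-summary"
)

# Print the full command lines, one per line, for the user to review.
build_plan() {
  local sub
  for sub in "${PLAN[@]}"; do
    echo "aws --profile $1 --region $2 --output json $sub"
  done
}

# Run the plan. $sub is intentionally unquoted: it is one of the PLAN
# literals above and must split into "service operation".
run_plan() {
  local sub
  for sub in "${PLAN[@]}"; do
    # shellcheck disable=SC2086
    aws --profile "$1" --region "$2" --output json $sub
  done
}

# Gate: report the identity, show the plan, ask for a literal "yes" on stdin.
# Returns 2 for a refused identity, 1 if the user did not confirm, 0 to go.
preflight() {
  local profile=$1 region=$2 arn=$3 answer
  echo "Caller identity: $arn ($(classify_caller_arn "$arn"))"
  if ! identity_allowed "$arn"; then
    echo "refusing: use a temporary assumed role with ReadOnly in its name" >&2
    return 2
  fi
  echo "The following commands will run against your account:"
  build_plan "$profile" "$region"
  printf 'Proceed? type yes: '
  IFS= read -r answer || answer=
  [ "$answer" = yes ]
}

# Live driver, e.g. `run_assessment assess us-east-1`: resolves the identity
# through STS, then runs the plan only after preflight passes.
run_assessment() {
  local profile=$1 region=$2 arn
  arn=$(aws --profile "$profile" sts get-caller-identity --query Arn --output text) || return 1
  preflight "$profile" "$region" "$arn" || return 1
  run_plan "$profile" "$region"
}
```

The identity check runs before the plan is even displayed, so a profile that silently resolves to root or to a user's long-lived access keys never reaches the confirmation prompt. Redirect `run_plan` output to a directory that is ignored by version control; the Overview's warning about reports in public repositories applies to these JSON dumps as much as to the generated markdown.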

VirusTotal

64/64 vendors flagged this skill as clean.