ClawHub

DBA多AI协作系统

Security checks across malware telemetry and agentic risk

Overview

This DBA helper is mostly coherent, but it tells the agent to automatically save database environment details and task history without clear consent, retention, or deletion controls.

Install only if you are comfortable with persistent DBA context being saved locally by the agent. Avoid sharing passwords, connection strings, hostnames, production topology, and incident details unless memory is disabled or you have a clear way to review and delete what is stored. Treat scheduled inspections and reports as requiring separate approval and least-privilege database access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill is configured to trigger on essentially any database-related request, which creates an overbroad activation boundary. This can cause the skill to engage in contexts the user did not explicitly intend, increasing the chance of unnecessary data exposure, unintended instruction precedence, or execution of sensitive DBA-oriented workflows inappropriately.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill enables automatic persistent storage of environment details, task history, and user preferences without an explicit consent or retention notice. In a DBA context, these records may include highly sensitive infrastructure metadata, making silent retention a significant privacy and security risk if accessed by unauthorized users or reused outside the original purpose.

Ssd 3

Medium
Confidence
96% confidence
Finding
The memory rules instruct the system to continuously collect, update, and reuse user-provided environment and history data across sessions without clear minimization or purpose limitations. Because this is a database administration skill, the remembered data can reveal production architecture, technologies in use, maintenance patterns, and operational history, which materially increases reconnaissance and confidentiality risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal