Server Audit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate server-audit checklist, but it uses root SSH and includes a report-saving step that conflicts with its read-only framing and could store sensitive infrastructure details in the wrong place.

Install only if you administer the target servers and are comfortable supervising root SSH commands. Treat the audit output as sensitive, run only the listed read-only diagnostics unless you intentionally opt into report creation, and confirm the exact host, path, permissions, and overwrite behavior before saving any documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill presents itself as a read-only audit, but it requires direct SSH access as root to a remote host. Even if the listed commands are mostly read-only, using the root account materially increases blast radius if commands are modified, placeholders are substituted unsafely, or the skill is reused in a broader automation context.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The instructions say to create documentation 'on Sofiika's server', but the provided mkdir command operates on a local filesystem path without any explicit remote execution step. This can cause sensitive audit data to be written to the wrong machine, unintentionally persisting infrastructure details on the audited host or the operator's current environment.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill goes beyond read-only auditing and instructs the agent to create directories and write a documentation file under /DATA/local_database on another system. In an agent context, unsolicited write actions expand the blast radius from inspection to modification, and can overwrite, misfile, or persist sensitive infrastructure data without an explicit confirmation step.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs collection of highly sensitive system, hardware, network, process, and log data over SSH as root without an explicit privacy, credential, or data-exposure warning. This can expose host inventory, running services, login history, failed authentication attempts, and storage details that would be valuable for reconnaissance if mishandled or shown to an unintended party.

Missing User Warnings

Medium
Confidence: 91%
Finding
The audit gathers highly sensitive system information including hardware identifiers, serial numbers, open ports, services, logs, IP addresses, and failed login history, but does not warn the user that this data may be exposed in chat output or logs. In an agent setting, displaying this information broadly can leak operational details useful for reconnaissance or incident escalation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation-saving section instructs persisting detailed audit results into an Obsidian vault path, including hostnames, IPs, storage details, network configuration, services, and security findings, without any warning about retention or access control. Persisting this inventory creates a durable target for attackers and increases blast radius if the vault or endpoint is compromised.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions direct creating directories and saving results to a fixed path on 'Sofiika's' server without any warning, confirmation, or overwrite protection. This is dangerous because an operator or autonomous agent could modify the wrong system, clobber existing documentation, or store sensitive host inventory data in an unintended project path.

VirusTotal

66/66 vendors flagged this skill as clean.