
Security audit

Graylog Log Search

Security checks across malware telemetry and agentic risk

Overview

This is a documented, read-only Graylog log-search skill, with cautions around broad triggers, production-log sensitivity, and its external npm runtime.

Install only if you need AI-assisted access to Graylog production logs and trust the npm package publisher. Issue the skill a least-privilege, read-only Graylog token scoped to the streams it needs rather than a broad production credential, keep the npm package pinned to the reviewed version, and expect generic log-related prompts (for example 'logs' or 'debug logs') to activate the skill even when you did not intend to query Graylog.
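The two pre-install checks in that paragraph (an exactly pinned npm runtime and a read-only Graylog token) can be scripted. The following is an added example, not code from the skill or from SkillSpector. It assumes Graylog permission strings of the form `action-subject:action[:id]` (for example `streams:read:<id>`, with `*` meaning full admin), and the `package.json` text and user document it checks are constructed sample input, with placeholder package names and stream ids.

```python
"""Pre-install checks for a Graylog log-search skill (added example, not the skill's code).

Check 1: every npm dependency in the skill's manifest is pinned to an exact version.
Check 2: the Graylog user behind the skill's token holds read-only permissions only.
"""
import json
import re

# Exact semver only: "6.19.8" or "1.0.0-beta.1", never "^2.4.0", "latest" or a URL.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

# Action segments a read-only search token legitimately needs.
# This allow-list is an assumption made for this example, not a Graylog-defined set.
READ_ONLY_ACTIONS = {"read", "list", "absolute", "relative", "keyword", "tokenlist"}


def unpinned_dependencies(package_json: str) -> dict:
    """Return {name: spec} for every dependency that is not pinned to an exact version."""
    manifest = json.loads(package_json)
    found = {}
    for section in ("dependencies", "optionalDependencies", "peerDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not EXACT_VERSION.match(spec):
                found[name] = spec
    return found


def overbroad_permissions(user_doc: dict) -> list:
    """Return permission strings on a Graylog user that exceed read-only access.

    A permission is flagged when it is a wildcard ("*" anywhere in it), when it
    has no action segment, or when its action segment is not read-only.
    Holding the Admin role is reported as "role:Admin".
    """
    flagged = []
    if "Admin" in user_doc.get("roles", []):
        flagged.append("role:Admin")
    for perm in user_doc.get("permissions", []):
        parts = perm.split(":")
        if "*" in parts or len(parts) < 2 or parts[1] not in READ_ONLY_ACTIONS:
            flagged.append(perm)
    return flagged


def pre_install_report(package_json: str, user_doc: dict) -> dict:
    """Combine both checks; an empty report means the install is acceptable."""
    return {
        "unpinned": unpinned_dependencies(package_json),
        "overbroad": overbroad_permissions(user_doc),
    }


# Constructed sample input: one caret range that should be pinned, and one
# stream edit permission a read-only search token should not carry.
SAMPLE_PACKAGE_JSON = """{
  "name": "graylog-log-search-skill",
  "dependencies": {"@example/graylog-client": "^2.4.0", "@example/http": "6.19.8"}
}"""

SAMPLE_TOKEN_USER = {
    "username": "ai-log-reader",
    "roles": ["Reader"],
    "permissions": [
        "searches:absolute",
        "searches:relative",
        "streams:read:stream-id-1",
        "streams:edit:stream-id-1",
    ],
}

if __name__ == "__main__":
    for key, value in pre_install_report(SAMPLE_PACKAGE_JSON, SAMPLE_TOKEN_USER).items():
        print(f"{key}: {value}")
```

Run the token check against the real user document returned by your Graylog instance for the token's user, and treat any flagged entry as a reason to create a narrower user before installing.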

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Category
Trigger Abuse
Confidence
89%
Finding
The trigger list contains broad phrases such as 'logs', 'production debugging', 'error logs', and 'debug logs' that can match many generic user requests, causing this skill to activate outside its intended scope. Because the skill interfaces with production Graylog data, over-triggering increases the chance of unnecessary access to sensitive operational logs and accidental use in contexts where a more specific tool should have been selected.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
84%
Finding
The trigger phrase 'log search' is close to a built-in 'log' command and can shadow or intercept requests intended for a more general logging function. In this skill's context, that misrouting is more dangerous because invocation may lead to searches over production logs, exposing sensitive telemetry or creating unintended access paths during ordinary user interactions.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
80%
Finding
The trigger 'debug logs' overlaps conceptually with a built-in 'debug' command and may capture generic debugging requests not meant for this Graylog integration. Since the skill provides access to production log-search capabilities, accidental invocation can broaden exposure to operational data and create confusing or unsafe tool-selection behavior.

VirusTotal

0 of 64 vendors flagged this skill; all 64 reported it clean.


Static analysis

No suspicious patterns detected.