Portainer Docker Control

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it gives an agent powerful Docker/Portainer control while handling the API token insecurely and disabling TLS certificate checks.

Review before installing. Use it only with a least-privilege Portainer access token, keep the token out of repositories and logs, restrict permissions on any env file that holds it (owner-only, mode 600), and do not point it at production unless the agent requires explicit confirmation before stop, restart, or redeploy actions. The script should be changed to validate TLS certificates (trusting a private CA explicitly with --cacert where needed) instead of passing curl -k.
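The following is an added example, not the skill's own script, showing the shape the helper functions could take once the recommendations above are applied: the token file is only read when its permissions are tight, the API call never uses -k and refuses non-HTTPS URLs, and service-interrupting actions require an explicit acknowledgement. The variable names (PORTAINER_URL, PORTAINER_TOKEN, PORTAINER_CA_BUNDLE, PORTAINER_ENV_FILE, PORTAINER_CONFIRM, PORTAINER_DRY_RUN) and the API paths in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the skill's own code. All PORTAINER_* variable names and
# the API paths in the usage comment are assumptions for illustration.

# Refuse to read a token file that group or others can read.
env_file_perms_ok() {
  f="$1"
  [ -f "$f" ] || return 1
  perms=$(ls -ld "$f" | cut -c1-10) || return 1
  case "$perms" in
    -rw-------|-r--------) return 0 ;;
    *) return 1 ;;
  esac
}

# Load PORTAINER_* settings from the env file, only if its permissions are tight.
load_env_file() {
  f="${1:-${PORTAINER_ENV_FILE:-$HOME/.config/portainer/env}}"
  if ! env_file_perms_ok "$f"; then
    echo "refusing to read $f: it must be mode 600 (chmod 600 \"$f\")" >&2
    return 1
  fi
  set -a; . "$f"; set +a
}

# One API call. Certificate validation stays on: there is no -k/--insecure.
# A private CA is trusted explicitly through --cacert instead. Portainer access
# tokens are sent in the X-API-Key header. Never wrap this in `set -x`, which
# would copy the token into logs.
portainer_api() {
  method="$1"; path="$2"
  [ -n "${PORTAINER_URL:-}" ] && [ -n "${PORTAINER_TOKEN:-}" ] || return 1
  case "$PORTAINER_URL" in
    https://*) ;;
    *) echo "PORTAINER_URL must use https://, got: $PORTAINER_URL" >&2; return 1 ;;
  esac
  set -- --silent --show-error --fail \
    -X "$method" \
    -H "X-API-Key: $PORTAINER_TOKEN" \
    "${PORTAINER_URL}${path}"
  if [ -n "${PORTAINER_CA_BUNDLE:-}" ]; then
    set -- --cacert "$PORTAINER_CA_BUNDLE" "$@"
  fi
  if [ "${PORTAINER_DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$@"      # show the exact curl arguments, one per line
  else
    curl "$@"
  fi
}

# Actions that interrupt a running service.
is_destructive() {
  case "$1" in
    stop|restart|kill|remove|redeploy|update) return 0 ;;
    *) return 1 ;;
  esac
}

# Destructive actions proceed only with an explicit acknowledgement, so a
# routine-sounding request cannot take a service down by accident.
guard_action() {
  action="$1"
  if is_destructive "$action" && [ "${PORTAINER_CONFIRM:-}" != "yes" ]; then
    echo "refusing '$action': it interrupts a live service; set PORTAINER_CONFIRM=yes to proceed" >&2
    return 2
  fi
  return 0
}

# Entry point: portainer_run <action> <HTTP method> <API path>
portainer_run() {
  guard_action "$1" || return $?
  portainer_api "$2" "$3"
}

# Usage (assumed paths; run load_env_file first):
#   load_env_file ~/.config/portainer/env
#   portainer_run list GET /api/endpoints
#   PORTAINER_CONFIRM=yes portainer_run restart POST /api/endpoints/1/docker/containers/web/restart
```

Setting PORTAINER_DRY_RUN=1 prints the curl argument list instead of contacting the server, which is a quick way to confirm that no -k has crept back in and that the token is only ever placed in the header, not in the URL.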

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium severity, 95% confidence
Finding
The documented commands perform disruptive actions against live services, but the skill does not warn about downtime, restarts, rebuild side effects, or production impact. In conversational or semi-automated use, this can lead to accidental service interruption from a routine-sounding request.

Missing User Warnings

Medium severity, 92% confidence
Finding
The skill instructs users to place a high-privilege Portainer API token into a local env file without discussing token sensitivity, file permissions, rotation, or least-privilege handling. If that file is exposed through backups, logs, repo commits, or local compromise, an attacker could gain control over containers and stacks.

Vague Triggers

Low severity, 84% confidence
Finding
The natural-language triggers are broad and map directly to powerful infrastructure actions such as redeploying websites or restarting services. In an agent environment, such ambiguous phrasing raises the risk of unintended invocation from ordinary conversation or context leakage, leading to accidental operational changes.

Missing User Warnings

High severity, 99% confidence
Finding
All helper API functions call curl with -k (--insecure), which disables TLS certificate validation and allows man-in-the-middle interception or spoofing of the Portainer server. Because the script also sends the API key in every request, an attacker on the network path could capture the credential and issue container-management actions with it.

VirusTotal

64/64 vendors flagged this skill as clean.
