Proxmox VE Manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Proxmox management skill, but it can perform disruptive infrastructure actions if used with powerful API credentials.

Install only if you want an agent to help manage Proxmox infrastructure. Use a least-privilege Proxmox API token, store it carefully, and require explicit user approval before running stop, reboot, rollback, delete, or backup commands against production systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch (Low, 77% confidence)

Finding: The manifest describes routine VM and container management, but the documentation also enables higher-risk operations such as snapshot rollback, snapshot deletion, and backup initiation. This scope mismatch can mislead reviewers or users about the true power of the skill, causing riskier actions to be approved or invoked unexpectedly.

Missing User Warnings (Medium, 95% confidence)

Finding: The skill documents start, stop, shutdown, reboot, rollback, and delete operations without requiring confirmation or warning about service interruption and data loss. In an agent setting, this materially increases the chance of accidental destructive actions against production VMs and containers.

Missing User Warnings (Medium, 88% confidence)

Finding: The instructions tell users to export or store long-lived Proxmox tokens but do not warn that shell history, environment exposure, process inspection, or insecure file handling can leak secrets. Because these credentials grant administrative API access, exposure could lead to full infrastructure compromise.

VirusTotal

63/63 vendors flagged this skill as clean.