Ovh

Security checks across malware telemetry and agentic risk

Overview

This OVHcloud admin skill appears legitimate, but it can immediately change DNS, stop or reboot servers, and read account or billing data without built-in safeguards.

Install only if you want an agent to administer real OVHcloud resources. Use least-privilege OVH API keys, avoid production-wide credentials when possible, treat account/billing outputs as sensitive, and require explicit human confirmation before DNS delete/update/refresh or server stop/reboot actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill claims broad OVH management functionality, but the documented commands also access account profile data and billing/order history, which are more sensitive than routine infrastructure management and are not clearly called out in the description. This mismatch can lead users or orchestrators to invoke the skill in contexts where exposure of personal or financial account data is unexpected.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation text is extremely broad and could cause the skill to trigger for many OVH-related prompts, including ambiguous ones that do not require direct API access. Over-broad routing increases the chance of unnecessary access to sensitive account resources or accidental execution of impactful operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation advertises destructive and service-impacting operations like DNS deletion, VPS stop/reboot, and server reboot without any warning, confirmation requirement, or rollback guidance. In an agent setting, this increases the risk of accidental outages, downtime, or configuration loss from normal-language requests or misinterpretation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup instructions ask users to export long-lived API secrets directly into environment variables without any privacy, rotation, or least-privilege warning. While common operationally, this can lead to accidental exposure through shell history, process inspection, debugging output, or insecure host environments.

VirusTotal

66/66 vendors flagged this skill as clean.