r2-uploader

Security checks across malware telemetry and agentic risk

Overview

This is a real Cloudflare R2 upload helper, but it also gives broad upload and deletion powers without enough guardrails.

Install only if you want an agent to use your Wrangler/Cloudflare account to upload files to R2. Confirm the exact file set, bucket, object path, and public accessibility before any upload; avoid broad directories and sensitive folders; and require explicit approval before using any delete or bucket-management command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The skill is presented as an uploader that returns public URLs, but it also documents remote object deletion commands. This expands the effective capability from write-only upload to destructive storage administration, increasing the risk that the agent could be induced to delete data when the user only expected upload behavior.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
Including `wrangler r2 object delete` in an uploader skill creates a capability mismatch that can lead to accidental or prompt-induced destructive actions. In an agent environment, undocumented or unexpected destructive primitives are dangerous because they are easy to misuse and hard for users to anticipate.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The trigger words are broad and overlap with common language about uploads, storage, files, and Cloudflare, which increases the chance of unintended activation. Because this skill can upload local files to remote storage and produce public URLs, misfires can result in unintended data exfiltration or publication.

Missing User Warnings

Severity: High
Confidence: 95%
Finding:
The skill description does not clearly warn that files will be transferred to remote Cloudflare R2 storage and that the result may be a publicly accessible URL. This is dangerous because users may believe the action is a local file manipulation rather than external publication, leading to accidental disclosure of sensitive data.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The direct-from-URL upload flow fetches arbitrary remote content and stores it in R2 without warning about the network retrieval or trust implications. This can be abused to proxy untrusted content into managed storage, ingest unexpected large or malicious files, or cause the agent to interact with attacker-controlled endpoints.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill includes destructive delete commands but provides no warning, confirmation requirement, or safeguard around data removal. In practice, this raises the risk of accidental deletion or prompt-injected misuse against R2 objects that the user did not intend to remove.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The examples perform bulk and concurrent uploads of local files to Cloudflare R2, but they do not warn users that matching files from the current or specified directory will be transmitted to remote storage. In an agent skill whose purpose is uploading to R2, this increases the chance of accidental exfiltration of sensitive files, especially when users or downstream agents run the snippets with broad paths or in the wrong working directory.

VirusTotal

66/66 vendors flagged this skill as clean.