amphp

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent AMPHP coding guide, but several production-oriented examples model unsafe server, credential, and upload handling that users should review before installation.

Install only if you are comfortable reviewing generated AMPHP code for production safety. Treat credentials as placeholders, bind demo servers to localhost unless intentionally exposed, sanitize upload filenames, and run database/Redis examples only against local or disposable development services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 82%
Finding
The README states that the skill activates automatically on broad cues such as `Amp\Future`, `Amp\async`, `Amp\delay`, `Revolt\EventLoop`, and even `amphp/*` or generic async server patterns. In an agent setting, overly broad activation can cause the skill to inject persistent behavioral guidance into unrelated PHP tasks, increasing prompt-scope creep and the chance that the agent follows domain-specific instructions when they were not explicitly requested.

Missing User Warnings

Medium
Confidence: 88%
Finding
The MySQL examples embed realistic credential-bearing connection strings such as `user=root password=secret` and `password=s3cr3t db=prod` without clearly labeling them as placeholders. In a documentation skill, readers may copy these snippets directly into code or config, normalizing hardcoded secrets and increasing the risk of credential leakage, accidental production use, or insecure secret management practices.

Missing User Warnings

Medium
Confidence: 91%
Finding
The Redis documentation shows authenticated URIs and live mutating operations (`set`, `delete`, pub/sub, cache writes) without warning that the password is illustrative and that these commands affect real data. In a skill intended to guide implementation, this can lead users to hardcode secrets, paste real credentials into source, or run destructive examples against shared or production Redis instances.

Missing User Warnings

Medium
Confidence: 91%
Finding
The upload examples write files using client-supplied filenames directly into /uploads, which can enable path traversal, overwriting existing files, or storage of unsafe content if reused verbatim. In a code example for server-side upload handling, this is more dangerous than generic file I/O because it models a common untrusted-input boundary without safeguards.

Missing User Warnings

Medium
Confidence: 93%
Finding
The example explicitly exposes the server on 0.0.0.0:8080, which binds to all network interfaces and can unintentionally make a demo or development service reachable from untrusted networks. In a skill teaching how to build a production-ready AMPHP HTTP/WebSocket server, this is more dangerous because users are likely to copy the example verbatim into real deployments without adding access controls or understanding the exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
